As cybersecurity incidents increase each year, even the most tech-savvy security experts are not sleeping easy over personal data protection problems.
With so many data breaches in which millions of customer accounts, credit card information, and Social Security numbers have been compromised, it is understandable when consumers get angry at the violation of their privacy.
In response to consumer outcry, more than 60 jurisdictions around the world have proposed or enacted privacy and data protection laws. According to Bart Willemsen, an analyst at Gartner Inc., a global research and advisory firm, people are demanding personal data protection and lawmakers are trying to respond to those concerns.
Part of the problem with consumer data privacy is that most companies are not forthright about their data handling policies. According to a study by the Direct Marketing Association, 86 percent of survey respondents said organizations should be more transparent with users about how they interact with customer information.
And though there is no shortage of security solutions aimed at reassuring consumers, and many organizations have made efforts to establish a culture of cybersecurity, data privacy and security are still a major challenge.
In 2019, IBM estimated the cost of data breaches at $3.92 million per incident. In addition, data breaches cause irreparable harm to brands and consumer confidence.
There is some comfort in the fines levied against offenders. In July 2019, the UK's Information Commissioner's Office (ICO) fined British Airways £183.39 million (approximately US$230 million) after a 2018 data breach that exposed more than 500,000 customers' data, and Equifax was fined $700 million as part of a settlement over its 2017 data breach. Even so, consumers still feel companies are not taking data privacy seriously.
And in spite of the fines, no form of compensation can undo the harm done to people who have to live with the long-term effects of cybercriminals selling their data to the highest bidder. Data breaches can haunt victims for years, as was evident with the victims of the 2015 Ashley Madison data breach, where hackers came back with threats of exposing their information unless they were paid in Bitcoin.
To reduce the incidence of data breaches, consumers want organizations to take proactive rather than reactive action to protect their data. Encryption is one technique for reducing access to breached data that all organizations handling sensitive data should be using, but some still aren't. Encrypted data is extremely hard to decode, and most cybercriminals are either unable to decrypt such data or find decrypting it too expensive. Fortunately, data encryption is not hard, as most modern systems support it. Most companies just need to make the effort to switch their data storage over to being encrypted.
Going forward, it is not going to be business as usual for organizations that violate personal data protection laws, as consumers and regulators intend to hold companies responsible for breaches that expose user data to cybercriminals.