TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | Who’s responsible for the data breach epidemic? Related reading: A new approach to combating data breaches

rss_feed

""

""

Another day, another data breach. Only today, it’s not just a data breach. It may be a lawsuit, or the reason hundreds of investors dump stocks and jump ship.

We’ve reached a breaking point in regards to consumer privacy and data security. Data breaches have become a fact of business; and, as consumers, we’ve resigned to the idea that our information will be stolen soon, if it hasn’t already been compromised. Today, we’re beginning to see the fingers pointed.

In the beginning, companies may have gotten away with a statement: “We were unaware of a vulnerability, and have corrected the problem.” Or, “This breach was caused by negligence on the part of an employee who has since been removed from the company.” All was well. Over time, however, the companies that foot the bill for breach-related fraud have begun connecting the dots.

Today’s data breaches present very real and measurable impacts on the success of the companies where data originates. And so the blame now bounces from stakeholder to stakeholder, moving resources away from protective measures and directly toward reputation management. 

So whose fault are data breaches anyway?

Fifteen years ago when the digital world was new, a data breach would’ve involved a lost or stolen device – a very large computer or storage disc – as it made its way from one point to another. Today, data flows freely between computers, data centers and nodes, creating countless information highways.

What’s more, the traffic controls on those highways have not changed much over time. Encryption remains the standard in protecting data, no matter what format and for what purpose it’s used. In most cases, this has served us well; however, there are obvious vulnerabilities that hackers freely exploit.

We learn almost daily about a new case of compromised information. In one notable case it’s been an embarrassing list of website users looking to outsource their romantic desires; other cases have included every detail necessary to file a tax return in your name or to take over your bank account and drain the balance.

During the coming years we can expect countless products designed to leverage our personal behaviors and information in new ways. Surely, there will be plenty of technologies meant to better our daily routines. Already, we wear bracelets that tell us to exercise, adjust thermostats that anticipate when we’re cold or hot, and subscribe to services that know which TV shows or movies we would enjoy.

But in order for these entrepreneurs and technologies to be successful, we as business leaders need to make some adjustments to the way we think about and use sensitive data. We cannot rely on regulators to be the sole advocates for consumer privacy. Technologists must take the driver’s seat in protecting consumer interests.

If you’re looking for someone to take the hit for the dozens of data breaches discovered each month, you probably won’t find a single hacker or company to blame. Our current situation evolved from years of innovation without ever stopping to consider all potential side effects.

In 2010, Privacy by Design principles were recognized at the International Conference of Data Protection and Privacy Commissioners as an “essential component of fundamental privacy protection.”

It’s not enough that we ask ourselves after creating a technology, “How can we prevent this from causing harm?” That’s how vulnerabilities are sustained. It’s at the idea stage when we need to consider how a new product, process or business model impacts people – before pen is ever put to paper or the first “here’s an idea” email is sent.

As the acclaimed Internet of Things grows bigger and stronger, the U.S. Federal Trade Commission is calling for adoption of data minimization standards among technologists to prevent a massive outbreak of detailed information about our daily lives.

If you’re in the business of anything these days, you are probably collecting, trafficking and/or storing information about your customers. That means you, as a stakeholder in data sharing, have the responsibility to ask yourself if your business practices are creating any unnecessary risks to consumer privacy and weigh the benefits with the consequences of a potential data breach. 

You may not be responsible for the data breaches we hear about every week; but you and I are responsible for ending them.

photo credit: Question everything via photopin (license)

1 Comment

If you want to comment on this post, you need to login.

  • comment Allen Brandt • Jul 6, 2016
    When I saw the headline for this article, I was thinking it might go in a different direction: that we (consumers) are largely responsible for the data breach epidemic.
    
    Consumers choose convenience over security every time. Look at the new EMV-enabled credit cards. In Europe, they are chip and pin, while the US is chip and signature. Why: because card issuers are on record saying that they are afraid consumers would forget their PIN and not be able to complete transactions, even though the PIN offers an additional level of protection for both the merchant and the card holder.
    
    At least a third of smartphone users don't have any password, PIN or lock mechanism on the device that they have with them all the time and contains an amazing amount of personal data. And how many people use 2-factor authentication when it's available? I'd bet less than half. This is a recipe for disaster.
    
    Perhaps companies need to offer a special benefit to users who enable protection technologies or take something away from those who don't, but until the vast majority of people are willing to trade a bit of inconvenience for far better security, I feel that there is no end in sight.