SecureState Blog

Read SecureState's award winning blog.

Data Privacy Day, January 28, is an internationally recognized day whose purpose is to raise awareness of data privacy and promote data privacy education. It currently is held in the U.S., Canada, and 27 European countries.

In light of this effort, let’s examine the topic of data privacy: why it’s important, what consumers aren’t doing right, and what businesses must start doing better.

Last week another seven new breaches were made public (1). A recent study places lost personal records at over 806 million between 2005 and 2010 (2), and another 32.3 million since then (1). What does this mean for consumers? What does this mean for businesses? The much over-quoted, then Sun co-founder and CEO Scott McNealy opines: “You have zero privacy anyway. Get over it.”

Consumers are desensitized to breaches, as evidenced by the meager response rate of consumers applying for free credit monitoring services after a company breaches their personal information. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?” The types of data collected often are articulated in corporate privacy policies, but few consumers bother to read Privacy Policies to better understand what companies collect. If consumers don’t demand better safeguarding of their personal information, businesses have little incentive to invest resources in protecting it!

As businesses decide how to leverage their information assets, including the terabytes of consumer data, the privacy trend is growing increasingly unfavorable! Google, for example, is combining some 60 Privacy Policies. Google probably was counting on no one reading their new Privacy Policy. Also recall the April Fool’s Day prank by Game-Station which added an “immortal soul clause” to their privacy policy – a clause thousands of customers unwittingly agreed to! Why can’t those lengthy, arcane privacy policies be written in succinct, plain English?

A paradigm shift is needed. Businesses must do three things:

  • Collect less personal information
  • Do a better job securing that information
  • Better explain, in plain English, what they collect and what they do with the data collected 

But consumers are not devoid of responsibility. Consumers need to read privacy policies and make cognitive decisions as to which companies they wish to do business with. If we don’t all take an active role in privacy, Saturday will be an oxymoron and just wishful thinking. Maybe Scott McNealy was right. Happy Data Privacy Day 2012!

Sources

  • Privacyrightsclearinghouse.com
  • The Leaking Vault 2011, Six Years of Data Breaches, <span > Suzanne Widup, August 2011