Privacy in the Digital Age: The Necessary Actions

In Part One, Privacy in the Digital Age: The Issues, we discussed several cases involving the amount of data that is available and the lack of privacy laws. Today we’ll look further into what we need to do as consumers, governments and companies to address these problems. We need to be proactive instead of reactive if we want to keep our data safe.

What we can do as Consumers and Users:

1) Before you jump on the bandwagon with the newest tech trend, READ THE TERMS AND CONDITIONS. READ THE PRIVACY POLICY. Check what an app is asking permission to access before downloading. Don’t just trust them. For example, not everything needs access to your microphone and camera. Then decide if the data that will be collected on you is worth what you get from the tech.

2) Know your rights before you hand over information. Do you have to give your cell PIN to police? Must you turn over data from Alexa? Figure it out before you do.

3) Protect your own data. Read our previous post – Protect Your Identity Like a Trade Secret. Then, educate yourself about phishing. And find out how to protect your email accounts.

4) Be an advocate. Check out organizations like the Electronic Frontier Foundation (EFF). Join petitions like #OwnYourData. Research to decide what side you are on and write to your government representatives. If you believe in the use of DNA databases to find familial links to criminals, upload your data to GEDmatch. Do something!

According to Brad Smith, a Microsoft President, we are at a crisis point with the lack of privacy and should treat it that way. He believes that the issue needs to be handled from both the government side, with more laws like GDPR and the legislation in California, and with industry itself. What are some actions government and industry should take?

What Government must do:

“It’s clear the public is nearly as skeptical of government claims around privacy and security as they are of the same claims coming from social media companies. Since we’ve seen governments and social media firms mishandle private data, often egregiously, this shouldn’t be surprising. Additionally, many politicians and law enforcement officials wish to use surveillance tools and backdoors that most consumers associate with authoritarian regimes, not democracies. If we can’t trust governments to protect sensitive personal data, it’s difficult to imagine how they will be able to regulate the private sector effectively.“

Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi

1) Update the laws. If companies are not going to protect us, we need strong legal repercussions for mishandling of data. We need more legislation protecting consumer rights and setting data protection requirements. To bring that survey up again “As many as 80 percent say social media companies that store personal data should be subject to stricter regulations.” Listen to your constituents and take action.

2) Be more transparent and protect the data you already have. Make data security a priority. Because if we don’t trust the government with our data, how do we trust them to regulate others? The survey also states that, “Among other findings only 30 percent believe governments can be trusted to protect their personal data.” Show us we’re wrong and help protect the people who elected you.

What Companies must do:

1) Be transparent. This goes for you too. We need informed consent. Make it easier for consumers to see what they are agreeing to when they sign terms and conditions. And let us know what you are doing with our data.

2) As always, educate yourself. There’s a plethora of information on how companies can improve their data privacy and security such as this article from Security Magazine.

3) Any company that deals with consumer data needs to consider privacy as they develop products and services. It simply cannot be an afterthought. Make sure you are using encryption on PII. Have a plan for responding to legal requests. Make privacy and security an important step in R&D. Educate any employee with access to sensitive data about phishing, ransomware and privacy in general.

If you prove you can protect our data, then maybe we don’t need more legislation, but you must take responsibility.

In short, we rely on Law Enforcement to protect us and keep us safe. Obviously, we want them to have the tools they need to find and prosecute criminals. We know companies are creating technology that makes our lives easier and sometimes it needs our data to do so. But we also want to know that our data is being used responsibly. I want to know that legal requests are sent through proper channels before my data is handed over to authorities. I also want to know that my social security number or credit card information is encrypted where it’s stored. And I want to know that my information isn’t being sold by a company or used to negotiate for higher sales.

Above all, we need consumers, companies and governments to take this matter seriously. We need movement and open discussions. It’s time to take action. The issue of data privacy has been sidelined for too long.