By Jake Welling
Have you heard someone say that it doesn’t matter how much of their data is collected because they have nothing to hide?
You may have said this very same thing at one point in your life. In recent years, data privacy has become an important topic on a government, company, and individual level. New laws, such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), have been enacted to protect customer privacy. Why is data privacy so important?
In this article, I will explore the importance of data privacy, the obligation that companies have to keep our data private, and what we as consumers can do to protect our data.
The Importance of Data Privacy
Most online services collect massive amounts of data about us. The data that is collected helps companies advertise, make important decisions, and provide better user experience.1
For example, when a person’s data is mixed with the data of millions of other users, companies can make predictions about what they think those consumers will like. This could be product recommendations on Amazon, tailored jobs on LinkedIn, or suggested accounts to follow on Instagram.
On one hand, this can be very helpful and add great value to our lives. But some companies end up overstepping their bounds, gathering more information than they should, and misusing consumer data. We will discuss what companies and consumers can do to make sure this doesn’t happen.
Data privacy is concerned with “ensuring the data any given corporation processes, stores, or transmits is ingested compliantly and with consent from the holder of that sensitive data.”2 Our data should be stored and processed correctly by corporations and used only with our consent.
The way that our data is protected is called data security. Data security is “securing or protecting personal data from any unauthorized third-party access or exploitation.” While differences between data privacy and data security exist, they are very interconnected.2 For example, information that is lost in a data breach (security), could be the information that we allowed the company to collect about us (privacy).
In the case of a data breach, our information can be exposed and used against us. This data could include emails, credit card information, birth dates, and more. With the information stolen from a data breach, hackers can also access other sites that we use.
Data breaches that contain personal information can be costly. In the 2021 Cost of Data Breach Report by IBM, the average cost of personally identifiable information in a breach is $180.3 This is money that the company loses, and the stolen personal information may become available to the public.
Fortunately, laws including GDPR and CCPA protect the information of the consumer and provide guidelines for data collection, consumer rights, and security responsibilities of companies.
These laws assist us in controlling our data, but ultimately it is up to the companies and consumers to control how consumer data is stored, processed, and protected.
Company Responsibility
Companies should do their best to protect consumer data. They can do this by ensuring customer consent, collecting only the necessary data, and anonymizing data.
Asking for Customer Consent
To comply with GDPR, companies generally need a privacy policy that tells their customers about the information they are collecting, and why they are collecting it. Since some companies collect so much data, privacy policies can be very long and difficult to read. This is often problematic because it keeps most people from reading the policies.
Peter Leonard explains the consequences of neglecting to read privacy policies. He says, “Even when I am presented with terms explaining particular data uses, life is too short for me to read and evaluate the terms. The result: I do not knowingly and reflectively give consent to particular uses.”4
To help customers understand what they are sharing, companies have the responsibility to create simple, easy-to-understand privacy policies for everyone.
Collecting Essential Information
Another essential principle from GDPR is data minimization. Companies should only collect the data necessary for the processes that are performed at the company. Companies can evaluate whether the data they collected is necessary and adequate. 5 They can do this by doing an internal review or hiring an external company.
If data is unnecessary, companies should remove it from their systems. This practice will keep consumer data safe and ensure companies aren’t collecting too much information.
Anonymizing Data
Companies can also protect data through anonymization, which removes the ability to recognize whose data it is. When companies want to transfer data or use it for analysis, they should remove personally identifiable information from the data. This will keep those without authorization from knowing that the data is about the individual.1
When a company keeps information anonymous, it actually costs them less in the long run. If the company is involved in a data breach, it will lose significantly less money per record compromised if the data is anonymized, as shown in Figure 1.1.
Anonymization benefits both the company and the customer, especially in the event of a data breach.
Consumer Responsibility
Now that we have reviewed what companies can do to protect our data, here are some things we as individuals can do to take control of our data privacy:
Exercising the Right to Access
If a company follows GDPR, we can ask them for all the personal data that is kept about us. Generally, if the company is large, they will have an automated process where the data can be requested on their website. If they don’t, we can request the data by email or phone.6
The type of information that is stored may be different for each company. In one study, researchers requested their personal data from a variety of companies. The information that was provided included social security information, payment history, messages, calls, geographical coordinates, phone numbers, and much more.6 Much of this information is important to us and impacts our daily lives.
Requesting data can be very enlightening because it shows all the types of data that have been collected by a company. For example, when I downloaded my data from Google, I was surprised to discover just how much of my location data was collected. I was glad to see that, after I changed my privacy settings, the location data was no longer recorded.
Reviewing Privacy Settings
Many companies, especially those with social media presence, give us the option to view our privacy settings and change how much data we want to share with them. This is usually accomplished in the app’s settings or on their website. This can help us feel more comfortable with how much data we are sharing with a company and keep the company from collecting data that we feel is unnecessary.7
Securing Accounts
We can also protect data that has already been collected. To do this, we should invest in anti-virus and malware software and back up our data.7 We can use password managers and multi-factor authentication to ensure that no one gains access to our information.
Final Thoughts
Think of all the items you have in your home. There are many things you probably work to keep safe: sensitive documents, expensive gadgets, or family heirlooms. You probably also have important conversations that you keep private.
Our level of security should be the same when we are online. Our digital information is important, and we should work to protect it. If we don’t protect our online accounts, we can lose control of our personal information. This information will begin to be owned by another company and can even be used against us for cyberattacks.
Employing the suggestions made in this article, companies and customers can work together to keep our data safe and private.
Notes
- Abrar, M., Zuhaira, B., & Anjum, A. (2021). Privacy-preserving data collection for 1: M dataset. Multimedia Tools and Applications, 80(20), 31335-31356. doi:http://dx.doi.org/10.1007/s11042-021-10562-3
- (2020). Difference between data privacy and data security. GeeksforGeeks. https://www.geeksforgeeks.org/difference-between-data-privacy-and-data- security/
- How much does a data breach cost? (2021). Armonk, New York: IBM.
- Leonard, P. (2020). Beyond data privacy: Data “ownership” and regulation of data-driven business. Scitech Lawyer, 16(2), 11-15. http://erl.lib.byu.edu/login/?url=https://www.proquest.com/scholarly- journals/beyond-data-privacy-ownership-regulation- driven/docview/2369757588/se-2?accountid=4488
- GDPR EU. (2021). GDPR—user-friendly guide to general data protection regulation. https://www.gdpreu.org.
- Sørum, H. & Presthus, W. (2021). Dude, where’s my data? The GDPR in practice, from a consumer’s point of v Information Technology & People, 34(3), 912-929. doi:http://dx.doi.org/10.1108/ITP-08-2019-0433
- Vaidyanathan, A. (2021). What is data privacy and why is it important? Business World. http://erl.lib.byu.edu/login/? url=https://www.proquest.com/magazines/what-is-data-privacy-why– important/docview/2572471781/se-2?accountid=4488.
Very organized and well-written article! It encouraged me to pay more attention to the personal data that is collected.