Cyber Defense Magazine
By Zack Schuler, founder, and CEO of NINJIO
How many times have you shared a piece of personal information online over the past year? If you’re adding up all your Facebook and Instagram posts, think bigger – recall every time you typed in a credit card number, provided your email address, or answered a security question. Now think of all the websites you’ve visited: How did you browse? What did you buy? Which links did you click? Consider every time you unlocked your phone or tablet just by staring at it.
If you actually tried to take an inventory of all the information you share online (intentionally or otherwise) in a year, it would be a monumental task. According to Nielsen, the average American now spends more than four hours per day online across various Internet-connected devices. As you go about your business online, you’re generating a huge amount of data – from your vast browsing and search history to all the identifying information you provide to how you navigate from one section of a website to another.
All this information is becoming increasingly valuable to companies that are capable of acquiring, analyzing, and of course, monetizing more of it than ever before. But as we’ve learned again and again over the past several years, companies don’t always have consumers’ best interests in mind when they collect, use, and sell their data. And even when they do, they sometimes suffer data breaches that expose millions of customers’ sensitive personal information to hackers and other malicious actors.
The status quo surrounding data privacy and security has needed to change for a long time, which is why governments and international bodies are taking action. From the EU General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA), it’s clear that laws and regulations on consumer data will only become stricter in the coming years.
But companies should welcome this shift – consumers have dwindling patience for opaque, careless, and even exploitative data practices and companies that use their data productively and responsibly are the ones that will earn their loyalty.
How GDPR and CCPA reflect consumers’ priorities
GDPR and CCPA both contain provisions that give consumers more control over the acquisition, use, and storage of their data. For example, they require companies to disclose what information has been collected and how it’s being used – reports that must be provided free of charge. They also empower consumers to instruct companies to delete personal data and refrain from sharing it with third parties.
According to several years of survey data from the Pew Research Center, Deloitte, and PwC, consumers consistently say they’ve lost control over their personal data. And when Akamai recently asked American consumers what they thought about new rules in Europe that “force companies to provide consumers with greater privacy, security, and control of their personal data,” 66 percent of them said, “more governments should pass such laws.” Gov. Jerry Brown signed CCPA into law just months before the survey was conducted.
Companies should remember that new data privacy and security regulations aren’t just a way for meddling bureaucrats and lawmakers to make their lives more difficult. They’re consistent with consumers’ expectations and demands, and they’re necessary to ensure that sensitive personal data are being handled responsibly.
Change the conversation about customer data
As consumers become more concerned about their personal information, it’s crucial to reframe the conversation about how, and perhaps more importantly, why you’re collecting their data.
A 2018 survey released by the Data & Marketing Association and Acxiom revealed that 58 percent of consumers are “open to engaging in data exchanges with businesses if the benefits received in return for their personal information are clear.” Despite the increasing awareness of data misuse, consumers recognize that many of their favorite services – from personalized media content (think Spotify and Netflix) to more user-friendly apps and digital products – rely on the large-scale collection and analysis of consumer data.
With GDPR already in force and CCPA going into effect on January 2020, now is an ideal time to have an open discussion with your customers about your efforts to comply with the regulations, your data privacy, and security policies, and how their information is being used to improve the products and services you provide.
CCPA doesn’t just give consumers the right to know which types of personal information are being gathered – it also requires companies to disclose the commercial purpose of their data collection. But for responsible data managers, this shouldn’t be a threat – it should be a welcome opportunity to demonstrate that they handle their customers’ sensitive personal information responsibly and use it to make their lives better.
Go beyond mere compliance
A recent PwC survey found that 82 percent of consumers say “government should regulate companies’ use of data,” while 80 percent “agree government regulation of new technologies is crucial for consumer protection.” However, 72 percent “believe businesses, not the government, are best equipped to protect them.” Consumers recognize that a new regulatory framework isn’t a panacea – companies will have to overhaul their data management strategies on their own.
Any company that collects data on California consumers is bound by CCPA, even if it isn’t based in the state (which is also how GDPR functions with companies outside Europe that collect data on EU citizens). This is why these regulations are permanently altering the digital security and privacy landscape for everyone – a huge number of companies are already required to observe them, which means new legal norms and consumer expectations are being established.
Instead of reactively developing data privacy and security standards that keep your company in compliance, you should be actively anticipating future laws and regulations. This means establishing rigorous and transparent data policies, thoroughly vetting the third parties you work with, developing comprehensive compliance and cybersecurity employee training programs, creating channels for customers to submit requests for information about their data, and preparing for future consumer demands and changes in the regulatory environment.
Companies that truly value their customers’ security and privacy don’t need lawmakers and regulators to tell them what to do – protecting the integrity of their customers’ data is already their top priority.
About the Author
Zack Schuler is the founder and CEO of NINJIO, an IT security awareness company that empowers individuals and organizations to become defenders against cyber threats. He is driven by the idea of a “security awareness mindset,” in which online safety becomes part of who someone is. This mentality is what gives people the ability and confidence to protect themselves, their families, and their organizations. Prior to launching NINJIO, Zack was the founder and CEO of the IT services company Cal Net Technology Group. Over the course of fifteen years, what started as a solo-preneur venture from the trunk of his car turned into a multi-million dollar business. Cal Net was acquired by Olympic Valley Capital in 2013.
In addition to his entrepreneurial pursuits, Zack is a member of the Forbes Technology Council and is on the board of governors for Opportunity International, an organization that provides microfinance loans, savings, insurance, and training to over 14.3 million people who are working their way out of poverty in the developing world.