On a Monday, there is a data leak affecting half a billion Facebook accounts, by Tuesday a bot has scraped 500 million LinkedIn accounts. On Wednesday, Stanford University announces a hack that exposed thousands of social security numbers and financial details. Then Thursday, the world’s largest aviation IT company announces 90 percent of passenger data may have been accessed in a cyber-attack. And so on. The cycle is endless.
The sheer number of reports of data leaks, hacks, and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. It might as well be the soaring national debt total —the higher the number, the less we care.
But breaches of private data matter. And consumers should be rightly ticked off.
Because for every company screw-up, hacker exploit, and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted, and away from prying eyes.
And although states like California, Virginia, and Vermont have passed privacy and data laws, many of these provisions too closely resemble the European Union’s troubled General Data Protection Regulation (GDPR) in making it more difficult for legitimate businesses to secure data, not less.
When large data breaches occur, consumers who have been legitimately harmed should have their claims heard in court.
But the current patchwork of regulations across the U.S., including in the tech-centric state of California, place too much of a burden on those who are follow the law and do right by their customers, and risk creating different rules in different jurisdictions. To avoid this, a national framework on data and consumer privacy will need to take shape.
While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy bill should be in championing innovation.
For every new health data company, logistics firm, or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear, and do not create barriers to entry, the more innovation we will see when it comes to data protection.
We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy-to-access for users. Major social media networks now allow this prevision, and it has been the standard for website data for several years.
If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.
At the same time, if we are to have a national privacy bill, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms, or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.
This also extends to innovation practices such as targeted advertising, geo-targeting, or personalization, which are key to the consumer experience.
Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.
In recent weeks, FBI Director Christopher Wray has once again called on Congress to ban the use of encryption, an overreach that would put billions of dollars’ worth of data at risk overnight, and leave us vulnerable to foreign hackers.
He is joined in these efforts by Sens. Lindsey Graham (R-SC), Tom Cotton (R-AR), and Marsha Blackburn (R-TN), who introduced a bill that would forever ban this important cryptographic invention, warning it is used by “terrorists and other bad actors to conceal illicit behavior.”
The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.
While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all-too-often restrict progress.
This balance is possible and necessary, both if we want to have a more secure online experience, and if we want to continue to have the best technology at our disposal to improve our lives.