What GDPR, CCPA and a heightened focus on data regulation worldwide mean for businesses
2018 was a landmark year for data privacy. Some of the biggest companies in the world fell victim to data breaches, compromising the personal information of millions of people worldwide. Whether through sophisticated cyberattacks, software glitches or the simple mishandling of customer data, the likes of T-Mobile, Quora and Google were among the big names forced to admit they suffered breaches.
Some were repeat victims (or offenders, depending on how you look at it) of data breaches. Facebook suffered several major breaches and incidents that affected more than 100 million of its users in 2018.
It is therefore little wonder that US consumers are increasingly concerned about how their personally identifiable information (PII) is handled. One report by SAS shows that almost three-quarters (73 percent) of consumers said their concern over the privacy of their personal data has increased in the past few years, while another report puts the figure even higher, with almost 88 percent of US consumers harboring concerns when it comes to the privacy of their PII data online in 2019.
GDPR: a blueprint for the US and the CCPA?
2018 was not only a milestone year in terms of the frequency and scale of cyberattacks; the General Data Protection Regulation (GDPR) was also introduced by the European Union (EU) in May 2018, both to help regulate against such occurrences and to put the power back into consumers’ hands when it comes to data privacy.
Now in 2019 the US is set to follow suit. This has started at individual state level with the California Consumer Privacy Act (CCPA), which will take effect in 2020. The act is designed to give Californian residents access to any personal information that is being collected about them, the ability to find out whether their PII is sold or disclosed and to whom, and the power to deny the sale if they wish.
Elsewhere, Vermont has become the first state to enact a law regulating data brokers who buy and sell personal information.
The move to ensure consumer data privacy rights is also being taken up at federal level, with the US Senate holding its first committee meeting in September to examine how lawmakers can protect consumer privacy. Further, in early November the Consumer Data Privacy Act was proposed, a bill that emulates GDPR and would penalize CEOs in addition to the companies.
The incoming regulations reflect increasing demand from US consumers for greater data privacy rights. According to SAS:
- 83 percent would like the right to tell an organization not to share or sell their personal information
- 80 percent also want to know where and to whom their data is being sold
- 73 percent said they would like the right to ask an organization how their data is being used
- 64 percent would like the right to have their data deleted or erased
GDPR compliance – ignoring it is risky business
Crucially, another recent global survey shows that more than two-thirds of consumers would walk away from an organization if it suffered a data breach where their financial and sensitive information was stolen. Ninety-three percent of those questioned say they would place the blame at the door of the business and would think about acting against them, with retailers, banks and social media sites considered the most ‘at-risk’ offenders when it comes to data breaches and failure to uphold GDPR compliance.
The loss of business and the severity of fines now imposed on organizations following a data leak, alongside the long-lasting financial and reputational damage, mean it is crucial that any company that collects or leverages user data on its website takes every possible precaution to prevent a data breach and takes GDPR compliance seriously.
For example, if you use marketing tags, chat boxes or freeform fields to collect data from visitors to your website, it is your responsibility to protect that data from misuse or theft. Even so early into 2019, Singapore Airlines (SIA) has admitted a software glitch on its website was behind a data breach that affected 285 members of its frequent flyer program, compromising their personal information including passport and flight details.
The good news is that marketing security (MarSec) solutions enable you to manage your customers’ data on your website, help prevent data leakage and help safeguard your GDPR compliance efforts. It means that any data collected from your customers can’t be exploited by hackers and cybercriminals.
It doesn’t matter where you are in the world – governments and lawmakers are tightening the net when it comes to data privacy. Speak to Ensighten about how MarSec can help you navigate the new privacy laws and avoid any last-minute scramble to achieve compliance.
Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.