2019 was dubbed the “worst year on record” for data breaches by Risk Based Security in their Q3 report. By year end, we had endured a total of 15.1 billion exposed records of personal information, up 284% from 2018.
It seemed no organization was safe: Facebook, Capital One, Adobe, and the American Medical Collection Association all suffered data breaches. Most targeted consumers’ personally identifiable information. To make matters worse, many appeared to be the result of inadequate security measures—e.g. storing users’ passwords in plain text on unprotected servers—and could have been prevented with proactive strategies.
Hackers with intent to steal information and sell it to the highest bidder pose a constant threat to personal security. According to the 2019 NortonLifeLock Cyber Safety Insights Report (NLCSIR), among 10 surveyed countries, almost 350 million consumers in the last year alone have been the victim of a cyber crime and nearly 46 million consumers were victims of identity theft. As people scramble to comprehend the consequences of their most private information being constantly targeted and becoming public, they also struggle to figure out what they can do to protect it.
The same NortonLifeLock survey indicated that 66% of people admitted to being very worried their identity would be stolen and a whopping 83% of people agreed they wish they had more information on what to do if their identity was stolen.
That’s a lot of uncertainty around what to do next in the time of crisis. What’s most interesting, however, is when it comes to who we believe is most responsible for our data privacy protection—the government, corporations, or us as individuals—we can’t make up our minds.
While the survey shows that more people globally think the government (42%) should be most responsible for protecting consumers’ personal information than the companies collecting it (34%) or the individuals providing it (24%)—in looking more closely at the data, it’s clear sentiments are split and vary substantially by country.
The government’s role
Within the last few years, governments around the globe have taken record action to protect the privacy of its citizens. In the United States, the Federal Trade Commission (FTC) uses various measures to protect consumers’ privacy and personal information. They mainly do this by bringing enforcement actions to stop law violations and requiring offending companies to work towards remedying their unlawful actions, which can include implementation of government-administered privacy and security programs.
In July 2019, the FTC fined Facebook nearly $5 billion for deceiving users about their ability to control the privacy of their personal information, violating a 2012 privacy consent decree. This was the largest fine in history a company has had to pay for violating consumers’ privacy and one of the highest penalties ever imposed by the US government.
Despite this and other highly publicized cases, less than half of consumers (44%) believe their government is doing enough to protect their privacy. What’s more, of all the countries surveyed, the United States was the only country in which the individual consumer (34%) outranked the government (29%) as most responsible for protecting personal information. Perhaps it’s because much of what the government seems to be doing is reactionary.
Unlike the US, the European Union has taken very proactive steps to protect consumers’ private information with the introduction of GDPR regulations in 2018. One of the aims of GDPR is to put the power back in the hands of the consumer, allowing them to actively select when and what personal information they’d like to share.
But despite the EU’s efforts with GDPR, around half of European citizens still believe their government is lagging behind other countries when it comes to data privacy laws.
Corporate handling of personal information
Unlike those that have been fined by the government for failing to adhere to regulations, some companies have chosen to make their stance on privacy a core aspect of their brand.
Within the last year or so, Apple has incorporated privacy as a central feature of its product offerings. With its own dedicated page, Apple describes the measures to which the company goes to protect its users privacy, yet some critique the tech giant for touting data privacy while also enabling bad behavior by 3rd party developers on its platforms. Additionally, Apple has notoriously been in a public battle with the FBI over refusing to unlock iPhones belonging to terrorism suspects, sparking a national debate over what information should be available to law enforcement.
Mozilla has taken a different approach by featuring privacy protection as a central aspect of all of its products and even introducing a password manager and a site that allows you to check if you’ve been part of an online data breach.
But companies like Apple and Mozilla are only part of the story. Out of all the company types the Cyber Safety Insights Report asked consumers about, social media providers garnered the least trust when it came to protecting consumers’ personal information (43% globally do not trust social media providers at all).
Keeping personal data safe from breaches is one thing, but there are other concerns to consider around how that data is being used by the corporations collecting it. 40% of adults say their sensitive personal information being sold to third parties and used in decision-making processes without their consent is among their top 2 concerns about data privacy. With the integration of targeted advertising into nearly every online activity, it’s hard not to be wary of your digital footprint coming back to haunt you.
What’s more, for 12% and 9%, respectively, among their top 2 concerns is their personal information or others’ will be used to inappropriately influence how they vote in an election. In the wake of the Cambridge Analytica scandal, the fear around how one’s personal online experience might be molded by corporations (or at least with tools created by corporations) to change behavior is all too palpable.
What can the individual do?
Opting in to use online services is always accompanied by a certain level of risk. Today, it’s nearly impossible to use an online service without sharing one’s personal information or data. So it’s not surprising that 64% of people globally stated that they accept certain risks to their online privacy to make their lives more convenient, while 79% of people agreed consumers have lost all control over how their personal information is collected and used by companies. That’s nearly two thirds of the population who feel they lack agency when it comes to how their personal information is being stored or used!
But the fight for personal security isn’t over. Despite 67% expressing they are more alarmed than ever about their privacy, 84% of consumers have taken at least one step to protect their online activity and personal information, and 65% are proactively looking for better ways to secure their information.
What does securing your privacy mean beyond basics like using strong passwords, limiting sharing on social media, and being wary of free wi-fi? Other steps you can take include using a VPN, utilizing a password manager, and taking advantage of website specific cookie settings.
Securing yourself online takes a lot of time and energy, but becoming an expert in how your information is used can have massive benefits down the road.
There’s no clear consensus on which entity—the government, corporations, or the individual—is most responsible for protecting users’ personal information because ideally these three groups should be working together. Individuals must hold corporations and governments accountable for how their information is used while learning to protect their data to the best of their ability. Successful corporations will understand that personal information handling and customer loyalty go hand in hand. It’s the government’s duty to protect citizens’ privacy and personal information. With governments, corporations, and individuals all working in unison, perhaps a more secure future lies ahead.
NLCSIR was conducted online by The Harris Poll on behalf of NortonLifeLock among 10,063 adults aged 18+ from November 5 to December 2, 2019 in Australia, France, Germany, India, Italy, Japan, Netherlands, New Zealand, the UK, and the US. For more information on the findings, visit the NortonLifeLock Cyber Safety Insights Report.