The Future of Big Data Privacy Issues: US and Worldwide
Security and privacy are always on our minds, whether we realize it or not. It’s why we lock our cars, close our blinds at night, and put valuables in safety deposit boxes.
In the 21st century, almost no part of our lives is separated from technology. When you go to the doctor’s office and fill out a form, the staff then inputs your information into their computer system. When you apply for a credit card online, you enter your sensitive information directly on the World Wide Web. Whether at home or at a doctor’s office, you leave a trail of personal data everywhere. If that data gets into the wrong hands, your privacy is violated, and the result can be potentially devastating to you.
Data Security and Privacy
You wouldn’t give a stranger your social security number, but what if you use it online to apply for a credit card? How is your social security number protected? Who has access to it? How is it stored? Where is it stored?
This is when data security and privacy come into play. Data security protects data from becoming compromised by external attackers and malicious insiders, whereas data privacy governs how the data is collected, shared, and used.
Big Data Privacy Issues
Have you ever been on social media and seen an advertisement for something you were thinking of buying online the other day? Or maybe you collect sneakers and constantly receive marketing materials from sneaker companies you never signed up for? That’s because your internet history, interests, political views, shopping habits, and so much more are being collected and sold.
First coined in 2005, the term “big data” describes huge quantities of information that governments, private companies, and public service providers are trying to access and use [1]. Why? Because then they can make data-driven decisions that help business-related outcomes. Data professionals collect data from a variety of different sources. Some common sources include [2]:
- Internet clickstream data
- Web server logs
- Cloud applications
- Mobile applications
- Social media content
- Text from customer emails and survey responses
- Mobile phone records
- Machine data captured by sensors connected to the internet of things (IoT)
Violation of Privacy
Big data privacy issues have become hot topics as more and more information becomes public about how organizations collect data and what they use it for.
In 2018, Facebook received major backlash after reports in the New York Times and The Observer claimed that political ad consultancy Cambridge Analytica improperly obtained data on tens of millions of Facebook users who downloaded an unrelated psychology app, and data on those users’ friends, without their consent [3].
After a year-long investigation conducted by the Federal Trade Commission, Facebook was ordered to pay a record-breaking $5 billion fine as part of a settlement, by far the largest penalty ever imposed on a company for violation of consumers’ privacy rights. The social networking giant was also required to expand its privacy protections across Facebook itself, as well as on Instagram and WhatsApp, and to adopt a corporate system of checks and balances to remain compliant, according to the FTC order. Facebook must also maintain a data protection plan, including protections of information such as users’ phone numbers [4].
In 2019, Google agreed to pay a $170 million fine and make changes to protect children’s privacy on YouTube, as regulators said the video site had knowingly and illegally harvested personal information from children and used it to profit by targeting them with ads [5].
Google and Facebook are certainly not the only companies hit with complaints of violation of privacy. As a result, legislation has been passed across the country and worldwide to protect consumers from big data privacy issues and force companies to implement data protection plans.
Legislation in the United States
We are witnessing a global phenomenon: data protection plans are becoming a priority for individuals, organizations, and governments alike to prevent further violations of privacy.
California Consumer Privacy Act
In 2018, California passed the California Consumer Privacy Act of 2018 (CCPA), which started as a ballot initiative in response to growing public concern over big data privacy issues. The CCPA incorporates the core principles of the data protection plan and data privacy requirements in the General Data Protection Regulation (GDPR) (more about that later in the article).
This California law governs the collection, sale, and disclosure of certain types of personal information of California residents. The CCPA applies to the activity of businesses, service providers that serve businesses, and third parties (which can be individuals or organizations). One of the key terms of the law is that companies must respond promptly to inquiries of California consumers regarding certain types of personal data collected about them and whether it is being sold or disclosed. The law allows for no discrimination against consumers who exercise their rights; consumers must be given the same quality of service even if they object to a particular activity, such as the sale of their data. Specified types of service providers may use consumer data only at the direction of the business they serve and must delete a consumer’s personal information from their records upon request [6].
More than 60 jurisdictions worldwide have enacted or proposed privacy and data protection laws following the introduction of the GDPR in 2018. This international legislation may be applicable to US-based businesses, depending upon the businesses’ operating models and consumer bases. Countries that have current regulatory activity around privacy include Argentina, Australia, Brazil, Egypt, India, Indonesia, Japan, Kenya, Mexico, Nigeria, Panama, Singapore, and Thailand [7].
European Union General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the toughest privacy and security law globally and has served as a model for new legislation focusing on big data privacy issues. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros [8].
Brazilian General Data Protection Law: Lei Geral de Proteção de Dados (LGPD)
On August 15, 2018, Brazil published its most comprehensive and far-reaching data protection regulation in the country, known as the Brazilian General Data Protection Law or Lei Geral de Proteção de Dados (LGPD). The Brazilian privacy law maintains many similarities with the EU General Data Protection Regulation (GDPR). And similar to the GDPR, the LGPD extends to organizations that collect, use and store personal data in Brazil or about Brazilian data subjects.
Like the GDPR, the Brazilian privacy law imposes requirements upon organizations seeking to comply with the law. Organizations that have implemented a framework to support GDPR will find that similar steps can be taken for the LGPD including, but not limited to [9]:
- Understanding what types of personal data are collected and used by the organization
- Recording data processing activities and maintaining a legal basis for the collection and use of personal data
- Fulfilling data subject rights within a reasonable timeframe
- Conducting assessments to understand the risks associated with personal data processing activities
- Implementing safeguards to protect against unauthorized access, use, and sharing of personal data
German Privacy Act
The German Privacy Act (BDSG) was enacted following the European Union General Data Protection Regulation to complement, specify and modify the GDPR for Germany. It provides rules for specific topics such as data processing in the context of employment, the designation of a data protection officer (DPO), scoring and credit checks, and profiling [10].
Protect Yourself with a Data Protection Plan
As an independent contractor, freelancer, or small business owner, it is just as vital for you to follow all applicable laws when handling private data, just as it is for tech giants like Facebook and Google. If you have employees, you should stress the same level of importance and create a data protection plan. Your plan should look at data privacy as a holistic risk management issue for the entire company and not as something confined to technical experts. You must understand what private data you possess (if any), what it is used for, who has access to it and where it’s stored.
Review and update your practices regularly to stay on top of new developments with data security and privacy. As this article showed, states and countries are constantly trying to pass new legislation to combat big data privacy issues. And saying, “I didn’t know that was a violation of privacy,” will not save you from penalties, and it certainly won’t keep you from being sued.
Cyber Insurance Coverage
If your company collects any kind of data, personal or not, you need cyber insurance coverage. You can indeed implement safeguards to protect your data, but hackers might still be able to sneak in. The one thing you can control is whether or not your business is prepared for cyber risks. Entrepreneurs and self-employed workers can benefit significantly from cyber insurance. There are two main types of cyber insurance — data breach insurance and cyber liability insurance.
Data breaches involve the exposure of personal information and can happen in a number of ways. Maybe a hacker breaks into your network, or perhaps an employee accidentally opens an email with a virus that exposes confidential information. Unfortunately, that’s the world we live in. Data breach insurance may help cover costs, such as notifying all customers, patients, or employees who have been affected by a breach. The coverage can also help with hiring a public relations firm to handle the situation and offering credit monitoring services to data breach victims.
Cyber liability insurance helps cover your business after a cyberattack or internet-related threat. It is used as a response to a data security incident and may help cover legal services, lost income, and lawsuits that emerge because of the cyberattack or other security issues.
Safeguard Discount Plan
A safeguard discount plan is like having an additional level of security and a team of experts on speed dial. A safeguard discount plan through Woligo connects you with professional providers who may provide advice and/or treatment for your predicament.
- ID Sanctuary: With ID Sanctuary, identity protection is at your fingertips. If you are the victim of identity theft, our team immediately gets to work to guide you through the identity restoration process.
- Legal Services: It’s convenient to say “let me call my lawyer” when you have a legal question.
- Financial Services: Live coaching and online resources to help you keep your finances in check.
- Global Travel Assistance: When you’re traveling more than 100 miles away from home and become ill or injured, you can connect with a global network of doctors involved in the worldwide travel protection plan. If you lose your passport while overseas, you’ll have immediate help.
- Roadside Assistance: If your car’s battery dies, you run out of gas, or are locked out of your vehicle, you can just make a call and professionals will quickly be deployed to get you on your way again.
And because of the discounts you get for being a member, you don’t have to empty your wallets, either. You simply have access to the help you need, whenever you need it. It is only $10.95 a month for individuals for extra peace of mind.
There are just some things you wouldn’t want to end up in the hands of a stranger. You can learn from the big data privacy issues and make sure you have a solid data protection plan in place. That includes cyber insurance coverage and a safeguard discount plan for an extra layer of security.
- Gartner Predicts for the Future of Privacy 2020
- What is GDPR, the EU’s new data protection law? - GDPR.eu
- Brazilian Privacy Law | Collibra