Right to privacy has always been a tricky concept to define legally, with many of the repercussions falling under the purview of other laws, such as theft, trespass, and defamation. What’s left is emotional distress, which is a fairly nebulous concept.
The same is true of data privacy, with the added complication that it is based online and thus harder to regulate. The advances in Big Data over recent years mean that people’s personal information is being generated, collected, harvested and processed at an unprecedented rate, and this is only set to increase. Research released by YouGov in April, meanwhile, found that 72% of British adults were concerned about their private information online, citing fears of hackers and unauthorised access to their data.
When asking whether consumers should be concerned about data privacy, it is important to first of all establish what these concerns are. The Guardian refers to the YouGov survey as occurring in a ‘post-Snowden world’, conflating people’s fears with Edward Snowden’s revelation of mass collection of private data by the security services. Concerns over the erosion of liberty are, of course, valid, but whether it is the primary cause of concern for 72% of British adults is highly debatable.
People also dislike their personal space being violated. Clearly, this sense of outrage is unlikely to be present when details have been willingly shared, as they often are. However, when the information disseminates to people who you don’t believe you’ve given permission to have it, that sense of violation creeps back in. On the flip side of the coin, as data gets bigger and more aggregated, it often becomes more anonymous. It is, for the most part, someone you don’t know looking at numbers on a screen which can’t be related back to you.
There are also examples of firms doing too good a job with their data analytics and bringing the veil of anonymity crashing down. Target is one infamous example. The US retailer would send coupons to women it believed to be pregnant based on their browsing and buying habits. One day they were called by the irate father of a young girl who had been sent such coupons, claiming that she wasn’t pregnant. It was later revealed that she was pregnant but it was being kept secret, and the coupons had exposed her.
Most people’s fears around the large amounts of their personal information on the internet centre around the likelihood of theft. As the amount of personal data increases, so too do the number of opportunities for it to be stolen. It is vital that companies do everything in their power to prevent people’s personal information from being exposed. And this is still not happening. A recent report from McAfee found that nearly 90% of SMEs in the US do not use data protection for company and customer information, and less than half secured company email to prevent phishing scams.
Poor security does not simply impact the customer though, but the company as well. According to PwC, the average cost of a firm’s worst security breach is rising significantly. For small businesses, the worst breaches cost between £65,000 and £115,000 on average, while for large firms, the damage is between £600,000 and £1.15m.
The question is, what can regulators really do to prevent cyber crime? If your house keeps getting broken into, do you get better locks put in, or do you set limits on who is allowed with 10 feet of your house? It is right that customers’ private details are properly secured, and that any sharing is completely transparent, and this will help prevent theft, but regulators’ ability to enforce such rules is questionable, and they shouldn’t have to. As the internet becomes even more deeply ingrained in people’s lives and knowledge around data improves, any firm that does not have such processes in place will lose customer trust, and the penalties more severe than any a regulator could inflict.