According to Pew Research Center, 69% of adults in the U.S. are not confident that the companies using their data are doing so safely. The majority of Americans do not believe corporations are good stewards of their collected data. This is not all that surprising; the Securities and Exchange Commission has warned businesses of all sizes that hacks are likely, and large, newsworthy hacks occur regularly. Often with good reason, modern consumers simply have little faith in the protection of their online personal information.
Breaches Are Common
The first big lesson on the importance of privacy laws came in 2013, when retail chain Target was hacked via its payment processor, the vendor that handled all the ATM and credit card payment for the company. Then, during the 2016 presidential election, Cambridge Analytica and Facebook were thrust into the spotlight when it was discovered that almost 90 million user profiles had been transferred and used for political purposes. Later, Marriott International, a major player in the hotel industry, announced a “mega breach” of 500 million customers’ data in 2019. These recent instances are just a handful of the many breaches occurring daily. The lack of trust in data privacy is rampant; one Deloitte study found that 8 out of 10 respondents felt they had completely lost control of their personal information.
At the same time, personal data is leveraged legally by companies every day. As highlighted in the Los Angeles Times, one report identified 10 different Android-platform apps that were selling user data to advertisers and interested parties. The data included users’ sexual preferences, religions, address information, locations and political beliefs. The report also provides in-depth tracing of compromised data to at least 135 other parties beyond the 10 apps legally selling the user information.
Complete removal of collected data is almost impossible, according for Forbes. Companies have hit the goldmine with data-driven analysis and decision-making for marketing and business strategy, which means there is no institutional drive to move away from online data collection. in fact, more effort is going into increasing data capture than refinement and privacy protection, per the Los Angeles Times.
Both because of rampant hacks and legal but questionable use of data on the part of American organizations, federal and state legislative bodies are constantly being urged to act on privacy concerns. Many want the government to create legislation that regulates how data can be utilized by the companies that collect it.
California Makes a Change
Where protections are put into place, they are game changing. As detailed in a recent Pew Research Center report and the Harvard Business Review, the recent passage of the California Consumer Personal Act — or CCPA — requires companies to:
- Detail what data they are collecting
- Explain how the data is being used
- Give consumers power to opt out and see their records
- Remove consumers from their database upon request
Most importantly, the California legislation creates a powerful punitive pressure on companies that shirk their new responsibilities. Aimed squarely at the biggest players in business and data collection, the CCPA also includes specific protections for data on minors under age 13.
Fines and legal costs as a result of violations of the CCPA can and will likely be expensive, which helps reinforce its implementation. Civil actions can trigger fines of $100 to $750 per individual affected per incident, and additional fines can be levied for repeat problems.
What Does This Mean Going Forward?
California may have led the way, but it is only a matter of time before other states follow. Further, large companies like Uber and Microsoft are changing their policies as a result of the CCPA because they operate across the nation. With these two factors at play, it’s likely many companies will end up re-focusing on data privacy.
Understanding the Changing Nature of Privacy Matters Now More Than Ever
Data privacy is likely to remain at the forefront of legal concerns for businesses for as long as the internet continues to be used. Businesses and consumers alike must remain vigilant and knowledgeable about the costs of data loss and misuse.
Companies will need to be proactive in protecting data while still profiting from it. At the same time, consumers will look to experts who can advocate for them and protect their legal rights. For students pursuing the Master of Laws degree online, there has never been a better time to learn about the complexities and ramifications of data privacy actions in the real world.