As more and more life changing technology advancements arise, the continued blurring of lines have made American and tech culture synonymous. The cloud, e-commerce, GPS connectivity, remote access, smartphones, and everything in between have changed how we interact with each other and our world for the better (arguably) forever. All companies in every industry collect data in 2022, but how do they “use it”? Consumers expect a product or service in exchange for their personal data, while businesses learned to build trust to exploit opportunity. Surely every business would hold privacy over profit, right? Well, jump in your DeLorean, we’re going back to the future.
Historically, finding privacy balance for companies has been key to longevity but not always a priority. Data privacy and protecting consumers is everything, along with even bothering to create (go figure) and even knowing what your policy protects is better. This isn’t the most mind-blowing concept, but you’d be surprised at how often companies and their common sense took a back seat to the Almighty Dollar.
ChoicePoint Data Breach (2004-2005)
The first stop in our remade DeLorean is the ChoicePoint Data Breach in early 2005. The data aggregator firm, known for combining information from public and private databases, takes this data and then sells it to private sector firms and government agencies. However, in February 2005, a group of L.A. County fraudsters and their 50 fake businesses were able to dupe ChoicePoint into selling personal consumer information that compromised the lives of 163,000 people. California SB-1386 is a law that requires the disclosure of any data breach to be publicly reported by the company at fault. Security Freeze law discussions and a tarnished image arose along with a $15M penalty for ChoicePoint, which would set a precedent for privacy.
Early in 2005, ChoicePoint reported it had handed over consumers' names, addresses, Social Security numbers, and credit reports to fraudsters working out of Los Angeles County.
The $10 million civil penalty portion is the highest fine in FTC history, but paltry compared to the $50 million fine McAfee was ordered to pay the Securities and Exchange Commission earlier this month for allegedly overstating earnings statements.
An identity-theft ring gained access to 145,000 consumer records held by ChoicePoint, which later notified consumers as required under California law SB-1386.
Smartphones and Location Data (2007-2008)
Just two summers later, a 2007 Tele Atlas survey began to present a new frontier on mobile connectivity. It reported that 84% of consumers wanted GPS capability on their mobile device. The movement for getting a fix on mobile users was fueled by the FCC’s 1996 Enhanced 911 Initiative, forcing carriers to provide emergency call location data. Today, location information is key to deliver mobile services, ads, and marketing for many industries. What started out as a sincere way to help civilians in danger, began to morph into pseudo-surveillance, which may provide timely suggestions in certain environments but also intrude on others.
Even without a GPS-enabled device, people can still tap into location-based services.
If 2007 was the year of smartphones, then 2008 promises to be the year of mobile location. Consumers and business users want GPS and other location services on their smartphones. But what does 2008 really hold in store?
The tech's still in its early days, but tracking a pizza delivery street by street shows what's possible.
The ‘Dark Side’ of Big Data (2012)
Speaking of predictive analytics, 2012 birthed the concept of “big data.” Big data can solve big problems, but big ideas have driven many poor societal decisions over time. Big data has empowered companies to deny services and monetize consumer data. This data aggregation continues to grow today, fueled partly by national security and focused marketing.
While big data shows tremendous potential in a variety of industries, such as healthcare, e-commerce and traffic prediction, it has a potential "dark side" as well.
Will big data be a force for good or evil by the end of this decade? See if you agree with expert reactions to new Pew Internet Center research.
Right to be Forgotten
Following a 2014 ruling by the European Union and the European Court of Justice, the "Right to be Forgotten" provides support to those EU citizens who wish to remove personal data from search engines under EU jurisdiction. But this was easier said than done, and US citizens did not get the same treatment.
A study by privacy researchers finds that attempts to obscure online information can be defeated with a bit of effort.
The "right to be forgotten," recognized in Article 17 of the European Union's revision of its 1995 data protection rules, is at once admirable and asinine.
GDPR Emerges (2016-2018)
There are real benefits to be had in understanding and protecting consumer data. The year 2016 brought the European Union’s General Data Protection Regulation (GDPR) to the forefront, which forced companies to rethink what practices are done with personal data, and introduced new, real punishments for non-compliance. Amazon, WhatsApp, and Zoom were all penalized in 2021 with a 4% total revenue fine for violations signaling a rebalanced data relationship between people and companies.5 Common GDPR Misconceptions
A company's effort to comply with GDPR doesn't end on any particular date. The work is ongoing, tied to a recognition of privacy as a fundamental right.
GDPR: A Cost vs. Benefit Analysis
It's a mistake for companies to view compliance with GDPR as just a financial burden. There are real benefits to be had in understanding and protecting customer data.
Equifax Breach (2017)
The Equifax Breach of 2017 taught us the need for companies to test third-party code so that patches can be properly and timely implemented. Equifax was snake bitten when back doors in that sourced code were left open and exploited.
Equifax blamed its recent high-profile breach on the Apache Struts Web Framework. As software delivery cycles shrink, developers have to rely on more third-party components, libraries and frameworks. When they do, what are their liabilities and responsibilities?
Cambridge Analytica Scandal (2018)
2018’s Cambridge Analytica Scandal reiterated the need for CIOs to stop ignoring customer data privacy concerns and how companies can get a handle on their data operations.
Facebook has lost billions in market value, been targeted for investigation by 37 states and the FTC, and many users are threatening to delete their accounts. It's past time for enterprise CIOs to stop ignoring customer data privacy concerns.
As we continue to rely on access and convenience, at what point are our Data Privacy issues more than just a personal problem? Great question, stay tuned.