<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Does the US Need a Constitutional Amendment for Data Privacy?

Michael O'Dwyer| January 22 2019

| security, GDPR

does-the-us-need-a-constitutional-amendment-for-data-privacy

Data privacy seems to have surpassed all other technological buzzwords (with Big Data, AI and IoT largely responsible for the increase in available data) in the last few years, primarily because of the number of data breaches, which continues to rise unabated each year.

The most annoying aspect of all is that the individuals with compromised data are for the most part entirely blameless; they have simply made the mistake of trusting a third party (whether a bank, business, government organization or healthcare provider) to secure their data adequately.

Understandably, we are all frustrated, especially when we personally take all the necessary precautions to protect our personally identifiable information (PII). We shred documents in a cross-cut shredder, we use different long alphanumeric (with special characters) passwords for each online service and change them regularly, we use VPNs and avoid insecure Wi-Fi. All these precautions become worthless when the third parties we deal with take a casual approach to protecting our data. Clearly, as much as we would like to avoid it, legislative efforts become necessary to force all who handle data to do so in a responsible manner, as if their own data (and those of their family members) was involved.

Clearly, when ethics and data security are not enforceable or even present in data storage processes, then regulations are needed to force compliance in areas that should have been obvious to even the most intellectually-challenged root vegetables.

Compliance can make any IT pro's skin crawl, but it shouldn't. Read this free  eBook.

What’s The Big Deal About Data Privacy Anyway?

Well, it’s quite simple and I’m sure many readers feel the same way. I’m very careful about the data I place online and expect those I deal with to have some sort of security policy in line with my requirements. I don’t want my data sold, exchanged or shared with those I have no dealings with. After a hospital stay to remove the part of my brain that reacts to presidential/political incompetence, I don’t wish to receive calls, emails or snail mail offering medical insurance, hats, orange wigs or invitations to attend political rallies. VIP cards in retail outlets should not result in a bombardment of unsolicited catalogs or invitations to acquire yet another credit card.

Managed File Transfer

Of course, the above examples are annoyances, but the real problem is that the more people that have your PII, the greater the odds of identity theft. Alarmist BS, you cry… hardly, given the Equifax breach last year. Identity theft is on the rise globally but let’s focus on the U.S. for the moment. According to Experian, the Identity Theft Resource Center (ITRC) reported a 44% increase in breaches in 2017, exposing almost 179 million records. Some 31% of those affected by data breaches are later targeted for identity theft.

And, the most recent ITRC report at the time of writing indicates that there were 89 reported data breaches in the U.S. in December 2018 with a total of 945,735 records exposed. It’s worth noting that this an 11-page pdf where the majority of listed breaches shows ‘records exposed’ as ‘unknown’. 500,000 exposed records came from the San Diego Unified School District and 243,000 from Goldsilver, a New York-based provider of gold and silver dealer services. The other breaches came from a mix of healthcare and financial providers, educational institutions, government services and businesses, including one entry from Harley Davidson.

What records are involved in these data breaches? Financial info, medical data, billing addresses, phone numbers or social security numbers are sure to be involved, all of which can be used to aid identity theft. Therefore, when companies obviously cannot protect our data, it’s time for regulations and government involvement, ideally with financial penalties for non-compliance.

Our Data is Valuable…

It’s a given that hackers are not stupid, and they target their attacks at industries that will yield results. Financial and healthcare service providers have long been identified as juicy targets and it remains a mystery why organizations in these industries are still hacked. Obviously, they cannot protect data in the manner necessary to prevent data breaches. So, what’s the answer?

Segregation of data would seem obvious. Forget the joys of automation, data sharing and remote access. Bring back the ‘air gap’ between online networks (networks that are connected to the internet) and segregate PII in a contained network, encrypting and anonymizing data as it is collected online. Data would then be added incrementally to the offline network as needed for analytics, marketing, etc. Sure, it might involve manual updates and two terminals (one for the connected network and the other for the offline network) for helpdesk operators or customer service but it would work, in my opinion. If everything remains connected or stored in the cloud, data is at risk as hackers are creative and patient, waiting for that one software, hardware or employee exploit that will allow them network access.

No discussion on data privacy is complete without mentioning social media and big retailers such as Amazon. Collectively, our online data is precious and the reason why Facebook, Google and Amazon are global goliaths. By using their products and services, we willingly share our data, which is then used/sold on in a variety of ways to ‘improve services’ and fix an election. Smart speakers, for example, send all audio to remote storage, which is then used to improve speech recognition/AI.

Data privacy will never be a reality if the urge to connect and share everything continues.

What’s Being Done to Increase Data Privacy?

Look at the EU, yes, look at them… far from the so-called American Dream but their citizens can control what happens to their data on a global scale, thanks to the introduction of the GDPR. All organizations that handle the data of EU citizens must comply, regardless of location – it is not optional. Sure, compliance causes additional expense, but breached companies brought it on all companies by not protecting their harvested data. California has followed suit with the California Consumer Privacy Act, and forces organizations to considers an individual’s right to privacy, including the right to prevent the sale of your information. This is certainly a step in the right direction, but it needs to roll out on a national level and evolve along with technology. It makes sense to do this, as third parties (regardless of location) who store data on Californian residents will need to comply.

Unfortunately, none of these regulations mandate how data is to be protected, leaving that to the organizations involved. Still, it’s a start and regulations that force everyone to comply with them can only improve our privacy in the long run. George Washington never envisioned how technology would involve itself in our lives and I’m sure if he had known, he would have included a reference to responsible handling of personal information, forcing Big Business to handle our data as we expect. Protecting us from identity theft, waiting until we are seeking products and services before sending info and not selling our data seem like common sense requirements, even in a technological age.

Topics: security, GDPR

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Michael O'Dwyer

An Irishman based in Hong Kong, Michael O’Dwyer is a business & technology journalist, independent consultant and writer who specializes in writing for enterprise, small business and IT audiences. With 20+ years of experience in everything from IT and electronic component-level failure analysis to process improvement and supply chains (and an in-depth knowledge of Klingon,) Michael is a sought-after writer whose quality sources, deep research and quirky sense of humor ensures he’s welcome in high-profile publications such as The Street and Fortune 100 IT portals.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.