At the end of June 2018, the California Consumer Privacy Act was passed unanimously, potentially sparking a revolution in data protection across the US. Following in the footsteps of the EU’s new GDPR laws, the privacy act will mean radical changes to how companies can gather and monetise their customers’ data in California. Below Lawyer Monthly explores with Nina Conseil, Senior Director, Product and Marketing at Affinion, the potential for GDPR like data protection law to go global.
It is not surprising that the tide is turning – for as long as we can remember Silicon Valley has had the upper hand and free rein to do whatever it pleases. But all that has changed since the furore surrounding Cambridge Analytica’s use or rather misuse of Facebook data hit the headlines. Mark Zuckerberg has been hauled in front of the US Congress to answer questions from the Senate commerce and judiciary committees on privacy, data mining, regulations. He has also been grilled by the European parliament and faces a lawsuit for allegedly misusing the personal data of more than 71 million people. While many have criticised the effectiveness of these hearings, users remain furious and US legislators are responding with the law.
Not just Facebook
The Facebook data scandal is just the tip of the iceberg. Unfortunately sensitive personal information often falls into the wrong hands - Norton’s latest global research shows that 978 million people were victims of cybercrime last year, losing an estimated $178 billion to hackers. Similarly, a hacker dubbed ‘Courvoisier’ stole 78 million usernames and passwords to sell on the dark web, infiltrating the likes of Uber, Argos and Asda. Only last month, Adidas suffered a security breach which endangered sensitive data of millions of its customers.
Data privacy is a serious issue for both businesses and their customers and regulation like GDPR and the California Consumer Privacy Act are helping to address it. But what else needs to change to ensure sensitive data remains private and consumers protect themselves?
Putting education first
Norton research shows 10% of the world’s population experience cybercrime every year – be it ID theft, financial fraud or a misuse of their data. This means that before long almost everyone will either be a victim or know someone directly impacted by cybercrime. Regardless of how it happens and who’s at fault, one mistake can have a huge impact – either personally, financially, or both.
Interestingly, Sophos research shows people are currently more worried about cybercrime than physical crime, yet a third of them admit ignoring data breach emails. Clearly businesses need to educate consumers on how to act if they fear they’ve been hacked - Symantec Internet Security Threat Report found that despite a 13% increase in data vulnerabilities, people don’t know who to turn to for help, while 41% can’t identify a phishing email and guess at its legitimacy.
Equipping customers with innovative tools
Financial institutions need to innovate and arm their customers with the tools they need to protect themselves such as technology which actively scans for potential data privacy risks. The provision of products and services that raise awareness and help improve data privacy and cyber security could become a key differentiator in driving loyalty. This way of thinking is starting the hit the mainstream and we’ve already started working with financial institutions across the world to offer cyber and ID protection to their customers.
One growing field is dark web scanning – most consumers won’t have seen or know much about the dark web, let alone considered whether their personal data has been published there. By offering dark web scanning, customers are given additional peace of mind and the option to take action before they suffer a loss or damages. In taking this approach, businesses are going the extra mile to show they truly care about the security of their customers’ cyber security and data.
Thanks to the Facebook scandal, data protection is the theme tune for 2018 and businesses across the world must keep up. Financial services businesses and customers alike should embrace the challenge to build an ecosystem in which data is as secure as possible. To make this possible, it’s vital that banks and financial institutions do all they can to educate and empower their customers to protect themselves while providing peace of mind. Failure to do so will not only result in data losses, but also trust and inevitably, profit.