A Country in Crisis: Data Privacy in the US

Over the past several years, digital data has been increasing at an unprecedented rate. To put it into perspective, in 2019 the overall global population increased at just over 1% to 7.7 billion, while the number of unique mobile phone users increased by 2% to 5.8 billion. In addition, the number of internet users increased 9% to 4.4 billion, which is 57% of the global population. As global urbanization continues, the sheer number of people utilizing data in their day-to-day lives will continue to grow. All this data, which moves across continents in seconds, needs to be stored and managed somewhere. This exponential increase in the use of digital data has required an equally aggressive increase in data storage capabilities.

As digital data increases, so does the trend of moving data storage to the cloud. The cloud is nothing more than large data centers that house racks and racks of servers and drives that run 24/7 and utilize massive cooling mechanisms to keep the temperature down. As a result, data centers use an excessive amount of energy, making operations expensive. While larger businesses previously owned their own data centers or used in-house data storage, there has been a rapid shift to cloud service providers over the past five years. In fact, it is expected that the number of large companies in North America shifting away from using their own data centers to cloud service providers will increase from 10% in 2017 to 80% by the end of 2022. The move to cloud service providers is further evidenced by the increasing number of mergers and acquisitions in the cloud service sector. But how does this affect data privacy? It puts the onus of maintaining data privacy, including the destruction of data at end-of-life, into the hands of technology giants rather than individual organizations who know that a breach could literally destroy their businesses. And considering end-of-life drives — and the data they contain — can linger for years in landfills that are routinely scavenged for anything of value (and data is highly valuable), a lack of mandated end-of-life data destruction is alarming. As data increases exponentially and its storage shifts inexorably to the cloud, concerns over data security and privacy escalate in parallel, leading to much-needed data privacy legislation.

In 2018, the European Union (EU) implemented the General Data Protection Regulation (GDPR) in an effort to protect the privacy of European consumers. GDPR requires that all organizations that do business with EU citizens adhere to the legislation, meaning that global organizations such as Apple, Facebook, and Google, as well as smaller US companies that sell to Europeans, are required to follow GDPR. Since its inception in May of 2018, GDPR has leveraged hundreds of millions of Euros in fines and is only getting more aggressive with enforcement; however, GDPR only affects organizations that have dealings with EU citizens.

Conversely, the United States has fallen behind in data privacy legislation, leaving the onus of maintaining data privacy to individual states or private companies. Considering that well over half of all global data breaches occur in the United States, the lack of a federal data privacy law is concerning. Unlike their European counterparts, Americans are largely left to their own devices when it comes to data privacy and has little recourse when a breach occurs. In fact, one of the largest breaches of 2012 occurred with major online retailer Zappos, affecting 24 million customers. In 2019, the agreed-upon settlement to a class action lawsuit provided reparation to the affected individuals in the form of a 10% Zappos discount code that was only good through 31 December 2019. Needless to say, a 10% discount code (which actually helps Zappos rather than punishes them) in exchange for breached personal data hardly seems equitable. Until the United States takes data privacy as seriously as its European and Canadian counterparts, the privacy and security of American citizens will continue to erode.

Data privacy and security is a serious and growing global issue, even more so in the United States where the bulk of data breaches occur. Breaches and end-of-life data mining will only escalate in line with our digital footprint, of that there is no question. Without a federal data privacy law, the privacy of American citizens’ data will continue to be at serious risk. And 10% off a pair of shoes simply isn’t the answer.

Brought to you by: