Data privacy wildfire: Could we have been more prepared?

What standards do today’s companies — internet, data, and really any company that holds consumer data — need to hold themselves to? 

It’s a good question, and one that is particularly relevant to New York State’s recent enactment of the SHIELD Law (more here: https://www.forbes.com/sites/forbestechcouncil/2020/09/16/why-us-companies-should-know-about-the-ccpa-and-new-york-shield-act/#74ae86fb32e1).

When I take a step back from the articles, opinion pieces, media, and more, what I find to be perplexing and fascinating is that while the right to privacy and protection is not novel, does the new medium or innovation itself demand or require novel standards, practices, or laws? Or, is that a slippery slope and borderline a case of “situational ethics”?

Does a new technology or innovation necessitate different standards or laws? Does the category or industry matter? Or, rather, should similar standards be placed across industries, tech, and innovation no matter the situation or context?

I find that we cannot fully speak to data and privacy without understanding the holistic history of these kinds of laws, their origins and why they’re enacted and upheld in the first place. As well as how they’ve changed or been modified over time.

For example, what accountability does Lowes or Home Depot have to our personal information when they swipe our credit cards when we purchase 3M hooks and a plunger? What happens if/when Lowes or Home Depot mishandles this type of information? What is at stake?

Pre credit cards, it was more difficult to track and trace our purchases or consumer buying behavior; our transactions were more or less anonymous, which could equate to less liability on the company and the consumer. The transaction that once took place was simple: I give you a dollar bill or two, you give me the plunger.

Today, in the age of information, digitization, and ‘connectivity’, we have multiple [digital] transactions happening at the same time [in any given moment, on the comfort of our couches]: I give you my credit card, your computer receives my CC information. You give me the plunger and the receipt with my information on it — what I purchased, some digits of my credit card, and perhaps my Lowes Member Number (if that’s a thing?). In addition, the purchase is stored in my Lowes Member Profile.

This type of digital streamlining and recording, while efficient for both the company and consumer, undoubtedly holds more liability and responsibility on both parties.

…And, when I take a step back from this, it seems like the more I unpack in the tangled digital connectivity web, the more it seems like we sparked a data privacy wildfire that’s too difficult to contain now that we’ve been at this for 30+ years.

I could easily slap a “we should have known” or “we could have been prepared” on this, but I think the inventors and the consumers could have never imagined the things we could do at our fingertips just a couple decades after the advent of the personal computer.

We’ve all been part of this technological transformation journey, and I do think it’s safe and smart for both consumers and companies to be educated, aware, and informed of their rights and protections — as well as the ability to opt in or out at any given time. Just like how our non digital life works. Same standards, different mediums.

SOURCES: 

1. https://www.forbes.com/sites/forbestechcouncil/2020/09/16/why-us-companies-should-know-about-the-ccpa-and-new-york-shield-act/#74ae86fb32e1
2. Complete Guide to US Privacy Laws: https://www.varonis.com/blog/us-privacy-laws/