Short answer: It’s bad and getting worse.
Long answer: Research continues to confirm organizations are falling behind in efforts to protect the privacy of users’ personally identifiable information (PII) online. Data privacy is an exploding issue because the amount of digital data users generate is increasing exponentially, organizations are moving more data and services to the cloud, and privacy regulations are still a way off being a comprehensive fix. At the same time, the COVID-19 pandemic is forcing more remote work, which exposes organizations to greater risks, and cyberattacks are becoming more frequent and sophisticated. The data economy is flourishing, on and off the dark web.
Data privacy is a global issue. Gartner predicts the worldwide information security market will reach $170.4 billion in 2022 as companies globally respond to increasing threats. Some countries are more affected than others though, and the United States is among the worst hit. Internet-connected computers are attacked every 39 seconds in the US and 45 per cent of Americans have had their personal information compromised by a data breach in the last five years. In 2019, the US had the highest average cost per data breach in the world, at $8.64 million, and healthcare data breaches alone affected 40 million people—a number that’s growing with the ongoing COVID-19 pandemic. The US still does not have a national consumer privacy law, despite ongoing efforts to enact one, particularly in light of trailblazing regulatory advances in California.
The picture is similar in the United Kingdom where the cost per data breach is slightly lower than the global average but 88 percent of companies have been caught up in a breach, mostly phishing attacks. High levels of data breach are also reported in nearby Germany (92 percent), France (94 percent), and Italy (90 percent). Small UK businesses suffer an attempted hacking attack every 19 seconds, and nearly 40 percent of UK companies reported a data breach in the 12 months to May 2020.
In Australia, seven in 10 respondents to the Australian Community Attitudes to Privacy Survey 2020 by the Office of the Australian Information Commission (OAIC), nominated privacy as a major concern for them, while 87 per cent wanted more control and choice over the collection and use of their personal information. These consumer sentiments are reflected in those of users worldwide, which we recently reported were that:
- High profile, significant, and regular data breaches have spooked consumers.
- Consumers generally get that they have to trade certain personal information for services, but are now warier of sharing their personal data.
- Consumers want to control their own data and will act to do so if they can.
- Levels of consumer trust for brands is generally low.
- Consumers will abandon brands or delay purchases where they perceive a risk to their personal data.
- The regulatory screws are tightening to protect consumers.
Privacy laws are trying to stem the data privacy crisis and put the brakes on surveillance capitalism, but there’s still a way to go. California has the California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act 2020, which reins in the powers of Big Tech, preventing them from sharing consumers’ personal information and closing a loophole that meant companies could keep targeting ads with user data even when those users opted out.
Beyond the US, there is also solid progress being made in consumer privacy legislation, with the General Data Protection Regulation (GDPR) and Brazil’s new General Data Protection Law, for example. And we hope, in the coming decade, we will see a simplification of the current patchwork of privacy regulations in the US.
At Anonyome Labs, we believe privacy will be a defining issue of the coming decade, starting with some hot topics in 2021, as we ramp up the fight against abuse and misuse of data globally. Watch this space.