Last year, I attended a conference where I asked the keynote speaker if we would ever see GDPR-type regulations passed in the United States. She said no, she didn’t think businesses or government would be able to agree on anything to pass similar regulations.
That may be true, but research shows that the majority of Americans don’t agree, thanks largely to the Facebook and Cambridge Analytica data sharing scandal. According to a study conducted by customer identity and access management (CIAM) company Janrain, 57 percent say that the Cambridge Analytica incident made them more aware of data privacy issues and 69 percent want GDPR-style regulations to be put in place here. Nearly 40 percent want the ability to control how their data is used and see a “right to be forgotten” rule, which requires organizations to delete data they may have on a European user should the user ask, enacted here.
In other words, Americans want to see companies provide better governance of sensitive data. For example, even though a third of the respondents said they were okay with websites and mobile apps monitoring their information to provide well-targeted ads, coupons and other experiences, they want these businesses to do due diligence when it comes to protecting their data. And hasn’t that long been the problem – these companies have our information but we customers have no idea how our sensitive information is stored or shared. I think what the respondents in this survey are saying is that we get that you need our data so we have a good experience with your company, but we want some assurance that you are doing everything possible to protect us from having our money or identities stolen.
Jim Kaskade, CEO at Janrain, appears to agree with my assessment, stating in a formal response:
Over the past few years, consumers had been reporting growing acceptance of allowing businesses to use their personal data in order to provide personalized products, services and experiences. However, that does not mean that you treat it any differently than financial or health information, which is highly regulated. The recent news surrounding Cambridge Analytica has awakened people to the fact that they value their social data as much as they do any other personal data. Now the question is whether businesses will begin to self-regulate to address this fact.
And if businesses don’t do it, will the government step up to enact GDPR protections here — or will organizations forced to follow EU compliance do a better job at protecting all of us?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba