Taking Responsibility for Data Privacy

Money Matters

Late in 2019, the Pew Research Center’s Internet & Technology group published the results of a study about data privacy and individual control over personal information. Most survey respondents felt their personal information was less secure than ever before, and that providing data to companies and marketers posed more risks than benefits.

Six in 10 survey respondents were certain that their online and offline activities were being tracked daily by businesses and the government. And during COVID, with more people needing to make purchases online, communicate with friends and family online, and use online tools to stay connected to the world, those concerns are certainly valid. Fortunately, government watchdog groups and legislation enacted throughout the world can help. But taking personal responsibility for keeping sensitive information safe and secure requires all of us to be vigilant.

GDRP, CPRA and the Latest Data Privacy Measures

padlock on a computer keyboard to represent data privacy.The European Union passed the General Data Protection Regulation (GDPR) in May 2018, making it a legal obligation for companies to protect the private information of EU citizens. Companies doing business in the EU – online or off – were notified well in advance of the ruling and resulting legislation and have faced hefty fines for noncompliance.

GDPR had real teeth and even industry giant Google ran afoul of the rules. In January 2019, just months after GDPR went into effect, Google was fined in excess of $57 million dollars for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.” Google fought back, but a French court upheld the ruling and fine this past summer in June 2020.

California enacted a similar state-specific version in July 2020 called the California Consumer Protection Act (CCPA), which will be further strengthened by the California Privacy Rights Act (CPRA) which passed in November 2020. Under the new regulation (which goes into effect in 2023), Californians can dictate how their personal information (race, religion, sexual orientation, health, geographic location – even private conversations) can or cannot be used. Minors must expressly agree to have their data shared or sold, and companies that ignore the legislation will face sizeable fines.

Which Countries Do the Best Job at Maintaining Online Privacy?

With its reputation for guarding countless bank accounts, you may have guessed that Switzerland tops the list. The Swiss Federal Data Protection Act (DPA) has been in effect since 1992, furthering Switzerland’s reputation for keeping money and information entrusted to it safe and secure. The DPA is a work in progress, and as recently as September 2020 it underwent a stringent review. The Swiss government determined that additional protective measures are needed, particularly for Swiss companies transferring data to the United States.

Iceland has had a similar Data Protection Act since 2015, designed to protect its citizens’ privacy, and Malaysia enacted its Personal Data Protection Act in 2010 to prevent citizens’ personal information from being used inappropriately.

Finally, Spain, which is part of the EU and covered by the GDPR, has its own national data protection agency and strict laws governing companies that have data transfer equipment in Spain.

What Can You Do to Protect Your Privacy and Personal Information?

While it’s heartening to know that watchdog groups and governmental bodies are working to improve protections for their citizens, we need not move to Switzerland to keep our personal information safe. It’s up to us as individuals to take charge of how our data is used and shared. There will always be bad actors looking to exploit and misuse personal and financial information, but there are steps you can take to prevent being a victim.

The Federal Trade Commission (FTC) website offers comprehensive information about keeping personal information secure both online and offline. These four tips are key to the FTC approach to data privacy and security:

  1. Know who you are sharing information with
  2. Store and dispose of your personal information securely, especially your Social Security number
  3. Ask questions before sharing your personal information
  4. Maintain appropriate security on your computers and other electronic devices.

Data privacy and protection is our individual responsibility. While respondents to the Pew Research Center survey said they lacked control over their personal information, most confessed that when presented with an opportunity to read a company’s privacy policy, they simply clicked through without reading. In fact, only 22% said they regularly read the Privacy Policy when making a purchase or agreeing to something online where personal information was exchanged.

Take advantage of every opportunity to learn what your personal information will or could be used for before handing it over. Glossing over the fine print and agreeing to terms and conditions without understanding them removes any control you have over your personal data. Our individual actions can complement legislation enacted to protect our privacy.