Managing privacy: how consumers are changing the paradigm

December 23, 2019
a close up of a woman's hands using her cellphone demonstrates the need for managing consumer privacy with cybersecurity regulations

As more and more personal data is shared online, consumers are becoming more knowledgeable about what they share and with whom their data is shared. Per the Federal Trade Commission, over 440,000 individuals reported identity theft during 2018 and that number continues to grow each year. As a result, many consumers are fighting back over their right to have their personal information protected.

As companies like Facebook and Google come under fire for their privacy practices, consumers have been requesting more expansive federal privacy legislation and implementing clear rules for security protocols.

Currently, there is no one comprehensive federal law that regulates the collection and use of personal information. Specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), covers protected health information in certain circumstances, but no one law covers all personal information shared in the digital medium. 

In a Pew study from 2016, “roughly half of Americans do not trust the federal government or social media sites to protect their data.” Companies and retailers fared slightly better, at 36%. Additionally, the study found that 49% of Americans “feel that their personal information is less secure than it was five years ago”.

Nuala O’Connor, in an article on Reforming the U.S. Approach to Data Protection and Privacy, outlined what she felt were the four qualities necessary to implement to best protect not only the data of consumers, but the consumers themselves.

  1. Develop a law that will “cover all institutions, not just tech companies, credit-rating agencies, and other narrow sectors of the economy.”
  2. Remove inconsistencies that exist due to conflicting legislation, particularly surrounding protected health data, which is currently regulated under a number of individual laws.
  3. Incentivize companies for implementing preventive practices and require legally mandated response mechanisms when a breach does occur. 
  4. Recognize that the definition of a harm that comes from a breach needs to be expanded. “Identity theft is one such harm, but so too are the inconveniences suffered by affected individuals and their gnawing sense that they lack control over their ‘digital selves’.”

At the core of any increased privacy initiatives is the idea that a consumer has the right to keep their information private, and companies are responsible for ensuring that data remains private. 

To address this, items that have been proposed as part of the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act include requiring online providers to:

  • Notify customers about the collection, use, and sharing of personal information
  • Obtain opt-in consent to use, share, or sell customers' personal information
  • Develop certain data-security practices
  • Notify customers in the event of a security breach.

While still under consideration, the Act addresses many of the concerns consumers have shared regarding their right to privacy.

Want to learn about cybersecurity? Capitol offers bachelor’s, master’s and doctorate degrees in cyber and information security. Many courses are available both on campus and online.To learn more about Capitol’s degree programs, contact admissions@captechu.edu.