Privacy: Who cares?

Share this article:
Privacy: Who cares?
Following massive breaches and Snowden leaks, who cares about privacy anymore?

Following the recent headline-making breaches at Target and Neiman Marcus, which exposed the personal data of 100 million-plus customers, as well as the secrets exposed by Edward Snowden that the U.S. government is collecting data on the communications of U.S. and foreign citizens, the question is: Who cares? 

Target will be hit with costs of around $1.4 billion, according to a Wall Street Journal report. So, execs are presumed to be finally taking notice of the consequences. But, is the general public mindful of these intrusions into their privacy? Are average citizens willing to have their personal information exposed if it means convenience in using credit cards, mobile devices or the internet? 

Despite the efforts of security experts to spread the word on safe online practices, and all the appliances put in place to protect enterprise and public networks from the “bad guys” trolling for proprietary data and personal information, what exactly is the deal with privacy? Who suffers most when a breach occurs: The person whose PII is purloined, the financial institution responsible for restitution, the security firm whose tool has just been proven ineffective?

“Target is the sea-change that has impacted not only consumers but regulators, merchants and the banking industry,” said Craig Spiezle, founder and president of the nonprofit Online Trust Alliance. Up to recently, a breach has been perceived as a business annoyance and was ignored by many, he said. “As the world is increasingly becoming a data-driven economy, data security and privacy issues are now top of mind.”

Spiezle added that as consumer anxiety is climbing, the industry must move from a misguided view that compliance is enough and commit to data privacy and security stewardship. “We must provide great user controls and focus on data minimization to reduce the exposure, while also communicating to users the value they receive in exchange for their personal information.”

But, still, will it take a fraud committed in their name to get individual customers to raise their voice? “As long as the financial and retail sectors continue their refusal to disclose the sources and types of breaches from which they suffer, then that – personal liability – should never happen,” said Avner Levin, associate professor and director of the Privacy and Cyber Crime Institute, Ryerson University in Toronto. “Let's start by asking for transparency and information sharing around security breaches.”

If the masses are not yet careful enough with their online habits, perhaps board rooms, at least, are getting the message that privacy is not simply a security issue, but a component of business operations that affects their bottom line.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in 2 Minutes On

Best practices for removing admin rights: A step-by-step approach

Careful control of administrator rights in the very foundation of IT Security. Allowing admin rights exposes a dangerous security risk, creating an easy entry point for advanced persistent threats, zero-day attacks and sophisticated malware.

Mobile-derived credentials

It's more than a trend. Mobile devices are becoming the new enterprise desktop. But mobile devices require the same security considerations to access corporate intranets or securely sending and receiving email.

Catching up to the insider

Catching up to the insider

Have effective changes been instituted to protect organizations from other Snowdens or negligent employees?