Technology always moves faster than those who attempt to control it. When new technologies generate record profits, fueling an economic fire, regulation hardly seems necessary. But at some point, that innovative spark cannot be controlled, and regulators’ laissez-faire attitude will end. With the recent litany of high-profile cyber-attacks, it’s time to seriously consider the negative impact that a lack of regulation on technological growth could have on our lives and on our society at large.
The European Union’s upcoming implementation of the General Data Protection Regulation (GDPR) represents the first step in combatting the commercialization of personal information. GDPR will doubtlessly change the global privacy landscape, but whether it will ignite a regulatory trend remains to be seen. Historically, the United States has been averse to regulating tech giants for fear of stunting their growth. While the conflict between privacy and corporate profits seems resolute, it’s not a zero-sum game.
Companies don’t need to sacrifice their growth to ensure consumer peace of mind; both can occur simultaneously. When organizations blatantly disregard their responsibility towards consumers, we need to start asking questions. Breaches are inevitable when technology continuously evolves, but simple steps can be taken to prevent these occurrences from being so catastrophic and placing so many people at risk.
Privacy, Meet Profits
Organizations need to proactively control their data, especially when customers’ personal information is at stake. Reactive policies are not enough: they’re too little, too late. We cannot continue to allow organizations to mishandle private information and escape with nothing but a short apology and a free fraud detection subscription once the damage is already done.
It’s not always intentional disregard causing these issues. Outdated enterprise systems cannot handle modern amounts of data. As software continues to develop, these old systems need to be phased out and replaced. The challenge? Risky as it may be, information held within these systems doesn’t simply disappear. Proactive control is necessary for determining which information should remain and which confidential or risky information should be deleted. Email archives and shared drives need policies that prevent needless record retention, thereby preventing potentially sensitive information from falling into the wrong hands.
Implementing these policies may be costly, but it makes business sense in the long run. Companies can mitigate risk by defensibly deleting data and drastically cut legal costs by improving their early case assessment (ECA) speeds through proactive management and streamlining of their data.
The cost of not doing so will be mountainous. For instance, GDPR sanctions could reach up to 4% of an organization’s total global revenue. The PR costs and fallout from such a breach could be even worse. We only need to look at Equifax as a case in point. These real possibilities must be addressed now more than ever.
The Need for Regulation
There have been 1,103 data breaches in 2017 alone, according to the Identity Theft Resource Center. More than 171 million records have been exposed. Looking away and hoping not to be next is not a sustainable solution. At some point, organizations must acknowledge the risks involved in improperly protecting customer data. Consumers, governments, and businesses alike have begun to see the risks involved in anemic data management and are seeking a change.