The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
After being the subject of big-box data pillaging for so long, consumers finally demand control over their own natural resources – and they’ll take their business elsewhere if they don’t get it.
As individuals see global corporate powers haggle over their personal information, they start to sense just how much their data is worth. And they’re not giving it out for free anymore; in a recent Thales report, 87% of consumers expect “some level of privacy rights” from the companies accessing their data. This seems to be a theme; as companies ask for customers’ information, customers are making demands in return. The question is, can companies keep the balance?
People don’t trust you with their data. Period.
When you trust someone with your finances, you give them control over them. This could be an executor, an investment adviser, your spouse – anyone you feel would do as good a job as you or, better, someone with your best interests at heart. When you don’t trust someone, the opposite is true.
Judging by the amount of control consumers now demand over their data, it’s clear that trust is a commodity yet to be earned by corporate entities. Or if once given by default, it is now hastily being snatched back. A report by professional services firm KPMG revealed that 56% want more control over their personal data, and 87% characterize it as a human right. Indeed, digital rights are human rights!
A recent study by the Annenberg School for Communication summed it up: “Eighty percent of Americans believe that what companies know about them can cause them harm.”
“I have data rights and am not afraid to use them!”
More and more, people are recognizing the high value that businesses place on their data – indeed, that it is the source of many businesses – and they want control over who has it, what they do with it, and when it can be obtained.
It also leaves a really, really bad taste in their mouths when organizations try to hide their data collection, “con them out of it,” or refuse to protect it (and them in the process). The Digital Trust Index report highlights what users now expect from the companies sourcing their information. The list amounts to a very short leash, indicative of very minimal trust. It includes:
72% | Online brand interactions that fit around their workday.
22% | Over one in five will give up after a fruitless online customer service interaction.
46% | A clear view of the data they’ve consented to share.
Additionally, the report reveals that these requirements come with a great deal of mistrust surrounding the entities that handle their information. Trust around the globe in social media companies ranges
from a high of 10% in the US and South Africa, to a low of 2% in Japan. When it comes to organizations using Generative AI, nearly half of all respondents were wary (47%), while those in France and the UAE showed above-average concern (54%).
These stats highlight the challenging position this puts many businesses in, although the terrain is to be expected.
How Do I Protect Them? Let Me Count the Ways
Following significant breaches of trust, there has been a decline in consumer trust towards corporations, governments, small businesses, and non-profits when it comes to safeguarding their information. Consumers are increasingly vigilant and assertive in ensuring the security and privacy of their personal data. Clear-cut and aggressive legislation protecting every ounce of data and consumer autonomy over it has been what’s followed, and that ball is still rolling.
It’s worth compiling a list of all, or at least many, of the notable data privacy and protection laws to date. These are the fruits of our misgivings around for-profit companies harvesting our stats without (and even with) our consent. It can only be approximate, as this legislative snowball is picking up steam, and many are in the works as we speak.
Quick spoiler: Of 194 countries represented in the United Nations (technically 193 plus two non-member observer states), 137 have enacted data privacy and protection laws to date. Here are some you might recognize.
GDPR | General Data Protection Regulation (GDPR)
CCPA | California Rights Privacy Act (CRPA)
APRA | American Privacy Rights Act (APRA)
HIPAA | Health Insurance Portability and Accountability Act (HIPAA)
PCI DSS | Payment Card Industry Data Security Standard
GLBA | Gramm-Leach-Bliley Act
In the US, fifteen states have enacted comprehensive data privacy laws, seven more have put more narrow ones in place, and fifteen total have introduced privacy laws in 2023-2024, according to Bloomberg Law.
The Consequence of Breaking [Data] Trust
While the effort required to implement data protection policies around the globe is monumental, it is simply “the cost of doing business” in the modern world. Don’t do it and see what happens. Security Magazine figures indicate that 66% of US consumers would send a clear message to ham-handlers of sensitive data, refusing to trust their information to a company that suffered a breach.
Consultants at Wavestone report over 91% of businesses now derive significant value from customer data, that’s a message for companies worth listening to and acting upon. Investing in a Customer IAM solution that keeps customer privacy front and center of the authentication journey becomes an enabler for compliance, enhanced trust, and improved bottom line.
An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.