There has been a lot of talk about privacy, security and data in general which made the headlines in the last couple of months. Most notoriously the GDPR law also came into effect as of 1st of May, which obliged companies take measures to protect the privacy of the European citizens (and not only). At the same time there has been a lot of scandals surrounding data privacy, most known the ones around Facebook.
So, what’s really changed? I think on the surface, people have started to think more about what kind of data they are publishing on the internet about themselves and be more conscious. In reality, I don’t think much has changed, especially since lots of companies started implementing those measures very late. Just one example, I have asked a recruitment service to delete my data about a month and a half ago and I still get automated e-mails from them asking me what to do with my data?
Leaving the big scandals aside, reality is really scary from my point of view. IT revolution has impacted lots of business, but most of them do not have IT as a core business, rather they are using the digital transformation to increase efficiency, performance and make smarter decisions. As a consequence, there are places where software engineers have direct access to client data when they shouldn’t. Unfortunately there is no study that showcases how many companies have this problem and to be honest this is the scary part. I think, companies should go beyond GDPR and have policies that strictly control who has access to this data in a way that can’t be altered and any access has to be logged for auditing purposes. Speaking of which, I wonder how many companies out there do audits on the data?
Reality is that data has become one of the most important assets, if not the most important one as increasingly more companies gather data on their clients. The types of data has also changed, now there are ways to track people over the internet, beyond the website they visited. For an average user this is hard to understand and I am afraid we are not doing enough to protect people’s data. I understand that data is useful for service provides to improve their service and experience for customers, however I feel like there are parties who have taken this beyond that scope.
There is another side to this coin, according to the “right to be forgotten”, companies have to delete the data they have on you on your request. Unfortunately, there are already ways to get around this, by removing any PII (Personal Identifiable Information) but keeping the rest of the data to be processed.
There is also the question of who is responsible for this data? Lots of cases, where customers data has been leaked online from a variety of service providers such as Facebook, Uber, Yahoo!, British Airways etc made the headlines and I have yet to see big actors taking responsibility for this on behalf of their customers.
That means each and one of us is responsible about their data online, so what can you do? Be mindful of the Apps you use, Websites you visit, Services you use, especially the free ones because they have to make a living and they make that living off the data you provide.
On a different note, I think it’s reasonable to think about anything you put online, as it’s going to live there forever.