Data is a great resource for companies. It helps propel product innovations and in many cases, is direct feedback for what direction a product should develop. Its value extends beyond the company collecting information, which is often why companies are willing to sell their data to others.
Most free services on the internet aren’t free; you’re the product being sold.
The superhighway of the web has led to our information being placed online in different formats and on websites we likely don’t visit often. With the increasing number of data breaches, hacks, and poor protection by companies, the fight for privacy as a consumer is long overdue.
For businesses handling user’s data, it’s clear the basics of approaching this issue should include hashing passwords, encrypting databases, and anonymizing data. These best practices may seem simple, but it’s evident they’re not being followed.
Passwords
The need for strong passwords is more apparent than ever. The rules for strong passwords have changed over the years, but products like a password manager (1Password, LastPass, etc.) ensure it’s easy to get your accounts to be secure.
To no surprise, we encourage all of our clients to create unique passwords they aren’t using anywhere else. Also necessary is the activation of two-factor authentication, which should reduce the chances people can log into your account onto a new device without you knowing.
Our clients often need to share passwords to allow us access to accounts they’re using. The most secure way to send these passwords is through an encrypted messaging service such as Keybase. If you don’t wish to download another program, you can encrypt a pdf with a password and send a master list of passwords securely via Firefox Send.
Data protection
In a world where passwords and personally identifiable information are still being stored in plain text, it’s time people start taking database encryption seriously. There’s no reason users should be concerned about their passwords being leaked as they were stored irresponsibly. Standard encryption protocols call for all passwords in a database to be hashed, but there’s different levels of hashing.
Best case scenario, always create a strong password (AKA one you find difficult to memorize) and change your password if you’ve been involved in a hack.
Similarly, when it comes to collecting usage and traffic data, it should always be collected anonymously. For example, data collected from a phone shouldn’t collect any personally identifiable information.
Both Apple and Google have embraced differential privacy, a method that makes it harder to identify a single user’s information in their data, and Google has even produced libraries to help developers implement the concept in their own work.
GDPR and CCPA
Policy always lags behind technology. However, it’s starting to catch up and enforce rules to protect consumers in the 21st Century. GDPR and CCPA are two of the biggest laws in this effort to modernize.
GDPR or General Data Protection Regulation is a law enacted in the EU in 2018 to empower citizens to have clearer control of who can use their data. Without getting into all of the details, it’s important to be familiar with this law if you plan on launching a product that will be used by citizens in the European Union.
Similarly, CCPA or the California Consumer Privacy Act is California’s solution to addressing data protection needs. For instance, it forces companies to give consumers the ability to delete their data a company has collected for the first time or use a stripped down version of a software.
Some companies have expanded the protections to consumers outside of California and there’s a good chance it will influence similar legislation across the U.S.
What comes next for privacy in tech
Thanks to data breaches and legislation like GDPR and CCPA, the focus of protecting privacy has increased, even if policies to reflect this have yet to be implemented.
Consumers are nevertheless more vigilant about how companies use their information, even if they have no control of where it goes. Of course, data is critical for targeted marketing and ads, a feature people both appreciate and don’t, so at the end of the day it’s really about being responsible about information.
Transparency is the key guiding principle behind a lot of the momentum behind privacy in this sector. The more companies can get on board with this, the more likely consumers will be to participate on their platforms. Still, many people have given up on ever taking control of their information. There’s a long way to go in accountability for both sides in this marketplace, but in the end drawing clearer guidelines around best practices will benefit everyone involved.