Last week, an article reported a class-action lawsuit against Facebook and allegations that the social network was selling data from private user messages to advertisers. This is certainly not the first, nor will it be the last, accusation that a social networking site has collected and leveraged user data without clear communication to and agreement from its users. Not only are consumers faced with the risk that a site might gather and sell their data without their knowledge or approval, but they also face the threat of social networks and other sites being hacked and their data being stolen and misused.
Most recently Snapchat, Target and Neiman-Marcus suffered security breaches that resulted in of users’ and consumers’ accounts being exposed. While these breaches aren’t the same as intentionally mining and selling private data, they may’ve resulted from insufficient investments in data security. Snapchat, for example, was warned a week before they were hacked that their code posed a security risk. Social and ecommerce sites take steps to minimize security risks and mitigate tangible and intangible losses if a breach occurs, but are they doing enough? Is there a market for users to pay for guaranteed privacy?
The number of sites, apps and data access points is increasing. The volume of data shared is growing. Hackers are devising new methods of breaching security safeguards. Companies are investing just enough to meet legal requirements while maintaining margin. Is it time to take new, drastic measures, such as privatizing data security and privacy? Creating an exchange where people can track and manage their exposure? Pulling back the curtain, aggregating and reveal which companies have access to what data? Turning over control to users by giving them a single site where they can opt out of services, take educational courses to help them protect themselves or pay for better protection—thereby subsidizing costs of losses?
These are just a few suggestions, but the overarching theme is that we now live in an information economy where more data is being mined, collected and traded everyday and where the owners of that data—consumers—know precious little about what is being collected, who gets to use it and how. As long as that is the case, individuals face the threat of having their data exploited. Companies and financial institutions face the threat of security breaches, erosion of consumer confidence and millions of dollars in financial losses. It’s time to share the control and responsibility for managing consumer data privacy and security with consumers.