Can Trump Get Data Privacy Right?

All you have to do is wotk through major headlines over the past few years and you’ll see they’re littered with stories of cyberattacks, data theft, and privacy concerns. From a political and legal perspective, the folks in Washington have a lot of influence over how/whether this issue is solved.

The Dire State of Data Privacy and Security

Since 2013, the Breach Level Index shows that more than 13.44 billion data records have been stolen. This amounts to an astounding 6.2 million per day, or 73 every second. And out of all of these data records that have been stolen, just 4 percent are considered “secure breaches” (where encryption was used and the stolen data was rendered useless).

No person or entity is immune to data breaches. According to MyMoid, identity theft accounts for 59 percent of data breaches. After this, financial access and account access are the most popular forms of attack, accounting for 17.8 percent and 9.6 percent respectively.

For businesses, the average cost of a data breach is more than $150 million. It also leads to the erosion of trust of consumers and facilitates a hostile environment where people and businesses are unable to trust one another.

On the citizen side of things, malicious web activity is at an all-time high rate. Apple’s Mac systems alone saw a 230 percent increase in malware activity last year, and the severity of online attacks doesn’t seem to be getting any better for other operating systems.

How the Trump Administration Should Respond

Though it may seem like a private sector challenge that businesses and individuals must deal with on an individual basis, data security is a national issue. As with any other crime or security threat, data privacy must be protected and enforced on a governmental level.

And it just so happens that Donald Trump and his administration are in power at a crucial junction where key decisions must be made. How Trump and others in power respond could impact the trajectory of this issue in America for years to come.

Here are some ways the administration is already dealing with the issue, as well as some thoughts on how they can move forward:

  1. New Data Privacy Policy

On May 25, 2018, the European Union officially began enforcing Europe’s General Data Protection Regulation, more commonly known as GDPR. This regulation consists of a collection of rules that outline how businesses can gather and use data. And while it only applies to businesses that collect information on customers living in the EU, it appears that American policymakers are paying attention

Earlier this year, it was announced that the Trump administration had begun work on developing a consumer data privacy policy. The Commerce Department also began meeting with big tech companies like Facebook Inc., Alphabet Inc., and Comcast Corp.

In a July Statement, White House spokeswoman Lindsay Walters said that the administration, with the help of the White House National Economic Council, “aims to craft a consumer privacy protection policy that is the appropriate balance between privacy and prosperity.... We look forward to working with Congress on a legislative solution consistent with our overarching policy.”

While any American data privacy policy won’t be an exact replica of Europe’s GDPR, it’s possible that there will be some similar elements -- such as giving consumers more control over what online data they share with companies.

  1. Larger Data Theft Task Forces

While there’s already some presence in this area, the White House, Federal Trade Commission, and FBI need to work together to invest more resources into data theft task forces that specifically target criminals who choose to participate in illegal behavior that targets American citizens.

One of the most important challenges will be luring top talent into this area, as opposed to other more traditional task forces that combat violent crimes, drugs, and national security threats. Once professionals see the value in this space, data theft and cybersecurity -- as career tracks -- will be viewed in a more positive light.

  1. Require Two-Factor Authentication

There’s no excuse for lax policies when it comes to conducting sensitive transactions in a hostile digital landscape -- particularly when it comes to filing taxes or applying for credit. Two-factor authentication should be a mandatory requirement in these instances.

“Two-factor authentication requires the identification number plus a second element based on something physical in the possession of the consumer. This could be a one-time code sent to the consumer via email or SMS, or some biometric element (such as a fingerprint or iris scan),” HexaTier explains. “These technologies are already mature enough for widespread implementation today. An identity thief without access to the consumer’s email account, mobile phone or physical body will be unable to accomplish anything with the identity number alone.”

There’s also a case to be made for more single-use/disposable identity numbers for secure transactions. This ensures that information, even if stolen, is unusable by the theft. So while it won’t prevent data theft from occurring, it can limit the damage (much like encryption does).

  1. Greater Penalties for Offenders

As things currently stand, there aren’t a ton of negative ramifications for businesses that fail to properly protect consumer data. Sure, there may be certain fines and slaps on the wrist, but most large organizations see these as nothing but minor speed bumps in the road.

To get businesses to take data privacy seriously, there needs to be a greater sense of responsibility. Serious penalties -- on a legislative level -- can make sure repeat offenders don’t have the chance to make similar mistakes three, four, or five times.

Restoring Trust in a 1984-Esque World

In George Orwell’s famous book 1984, he tells the story of a dystopian world where citizens become victims of perpetual war, government surveillance, propaganda, and an overall lack of personality or privacy. And though it was a fiction novel published in 1949, many of the circumstances Orwell wrote about seem to be coming true.

While the establishment has played a catalytic role in facilitating the progression towards an Orwellian society, it’s ultimately up to those in Washington to rescue us from the current state of affairs.

President Trump has always prided himself in being anti-establishment. He speaks of draining the swamp and putting people of real experience and value into office to make intuitive decisions that benefit average middle-class citizens. And if there ever were a way to show the American people that privacy and security matter, it would be to place an emphasis on preventing and combatting cyberattacks, data theft, and related concerns.

The time to act is now. Privacy is quickly dissipating, and it’s up to our current leadership to be proactive about what’s a very real concern. The only question is, will they listen?

All you have to do is wotk through major headlines over the past few years and you’ll see they’re littered with stories of cyberattacks, data theft, and privacy concerns. From a political and legal perspective, the folks in Washington have a lot of influence over how/whether this issue is solved.

The Dire State of Data Privacy and Security

Since 2013, the Breach Level Index shows that more than 13.44 billion data records have been stolen. This amounts to an astounding 6.2 million per day, or 73 every second. And out of all of these data records that have been stolen, just 4 percent are considered “secure breaches” (where encryption was used and the stolen data was rendered useless).

No person or entity is immune to data breaches. According to MyMoid, identity theft accounts for 59 percent of data breaches. After this, financial access and account access are the most popular forms of attack, accounting for 17.8 percent and 9.6 percent respectively.

For businesses, the average cost of a data breach is more than $150 million. It also leads to the erosion of trust of consumers and facilitates a hostile environment where people and businesses are unable to trust one another.

On the citizen side of things, malicious web activity is at an all-time high rate. Apple’s Mac systems alone saw a 230 percent increase in malware activity last year, and the severity of online attacks doesn’t seem to be getting any better for other operating systems.

How the Trump Administration Should Respond

Though it may seem like a private sector challenge that businesses and individuals must deal with on an individual basis, data security is a national issue. As with any other crime or security threat, data privacy must be protected and enforced on a governmental level.

And it just so happens that Donald Trump and his administration are in power at a crucial junction where key decisions must be made. How Trump and others in power respond could impact the trajectory of this issue in America for years to come.

Here are some ways the administration is already dealing with the issue, as well as some thoughts on how they can move forward:

  1. New Data Privacy Policy

On May 25, 2018, the European Union officially began enforcing Europe’s General Data Protection Regulation, more commonly known as GDPR. This regulation consists of a collection of rules that outline how businesses can gather and use data. And while it only applies to businesses that collect information on customers living in the EU, it appears that American policymakers are paying attention

Earlier this year, it was announced that the Trump administration had begun work on developing a consumer data privacy policy. The Commerce Department also began meeting with big tech companies like Facebook Inc., Alphabet Inc., and Comcast Corp.

In a July Statement, White House spokeswoman Lindsay Walters said that the administration, with the help of the White House National Economic Council, “aims to craft a consumer privacy protection policy that is the appropriate balance between privacy and prosperity.... We look forward to working with Congress on a legislative solution consistent with our overarching policy.”

While any American data privacy policy won’t be an exact replica of Europe’s GDPR, it’s possible that there will be some similar elements -- such as giving consumers more control over what online data they share with companies.

  1. Larger Data Theft Task Forces

While there’s already some presence in this area, the White House, Federal Trade Commission, and FBI need to work together to invest more resources into data theft task forces that specifically target criminals who choose to participate in illegal behavior that targets American citizens.

One of the most important challenges will be luring top talent into this area, as opposed to other more traditional task forces that combat violent crimes, drugs, and national security threats. Once professionals see the value in this space, data theft and cybersecurity -- as career tracks -- will be viewed in a more positive light.

  1. Require Two-Factor Authentication

There’s no excuse for lax policies when it comes to conducting sensitive transactions in a hostile digital landscape -- particularly when it comes to filing taxes or applying for credit. Two-factor authentication should be a mandatory requirement in these instances.

“Two-factor authentication requires the identification number plus a second element based on something physical in the possession of the consumer. This could be a one-time code sent to the consumer via email or SMS, or some biometric element (such as a fingerprint or iris scan),” HexaTier explains. “These technologies are already mature enough for widespread implementation today. An identity thief without access to the consumer’s email account, mobile phone or physical body will be unable to accomplish anything with the identity number alone.”

There’s also a case to be made for more single-use/disposable identity numbers for secure transactions. This ensures that information, even if stolen, is unusable by the theft. So while it won’t prevent data theft from occurring, it can limit the damage (much like encryption does).

  1. Greater Penalties for Offenders

As things currently stand, there aren’t a ton of negative ramifications for businesses that fail to properly protect consumer data. Sure, there may be certain fines and slaps on the wrist, but most large organizations see these as nothing but minor speed bumps in the road.

To get businesses to take data privacy seriously, there needs to be a greater sense of responsibility. Serious penalties -- on a legislative level -- can make sure repeat offenders don’t have the chance to make similar mistakes three, four, or five times.

Restoring Trust in a 1984-Esque World

In George Orwell’s famous book 1984, he tells the story of a dystopian world where citizens become victims of perpetual war, government surveillance, propaganda, and an overall lack of personality or privacy. And though it was a fiction novel published in 1949, many of the circumstances Orwell wrote about seem to be coming true.

While the establishment has played a catalytic role in facilitating the progression towards an Orwellian society, it’s ultimately up to those in Washington to rescue us from the current state of affairs.

President Trump has always prided himself in being anti-establishment. He speaks of draining the swamp and putting people of real experience and value into office to make intuitive decisions that benefit average middle-class citizens. And if there ever were a way to show the American people that privacy and security matter, it would be to place an emphasis on preventing and combatting cyberattacks, data theft, and related concerns.

The time to act is now. Privacy is quickly dissipating, and it’s up to our current leadership to be proactive about what’s a very real concern. The only question is, will they listen?