The Merriam-Webster dictionary defines “privacy” as the quality or state of being apart from company or observation. In the traditional sense, the term ‘privacy’ used to only apply to the conversations that you had with your doctor or therapist. In today’s digital world, privacy extends to almost every aspect of your everyday life.
Modern society has evolved into an environment that can only survive by constantly processing data to achieve results. Think about it — everywhere you go and with almost everything you do, you’re constantly carrying a cell phone around in your pocket. And your cell phone isn’t just sitting idly in your pocket when it’s not in your hand. It’s constantly processing usage and geolocation data and sending it back to your phone provider, or the companies that develop the mobile apps you’re using. If you need any proof at all, check out this piece from the New York Times.
‘Data privacy’ and ‘data security’ are two separate entities, and yet they are often used interchangeably. While separate, the two operate hand-in-hand. States in the U.S. are slowly getting up to speed with data protection regulation, but currently, these are only State-laws, and not Federal-laws, and they can vary drastically from state to state.
COVID-19 and Increased Concerns Around Corporate Data
In the age of COVID-19, over 60% of Americans are working from home (or were at one point) while simultaneously using personal computers for work, or using work computers on their personal home networks, in turn increasing the risk of data privacy and security concerns for corporations of all sizes. Online sales and ecommerce is up 55% year-over-year through July 2020 which has further boosted the risks for businesses with employees working from home and using work computers on home networks.
The state of privacy and data security (especially in the age of Coronavirus) has evolved beyond what most individuals ever could have imagined. The National Fraud Intelligence Bureau (NFIB) reported a 400% spike in coronavirus-related fraud reports in March 2020. There’s been a 600%+ increase in reports of phishing emails since February 2020. Ransomware payments have increased by 33% since the end of 2019. All of these statistics are a clear response from criminals to attempt to take advantage of worldwide fear and uncertainty due to the global pandemic. To top it off, in many cases, antivirus updates and security vulnerability patches have fallen by the wayside as people work from home because their corporate systems were not already set up for a massive work from home environment.
With the majority of workers at home (or not in their usual offices), employees are constantly interacting with sensitive and confidential data from their personal computers or home networks, or both. Because of this, corporations are facing a whole new slew of attacks on privacy and data security. Companies must rethink their security protocols as well as their disaster recovery and backup solutions as more and more confidential data is created or transmitted across insecure platforms. Companies with BYOD (bring your own device) programs or those that merely relied on employees having their own computers to work from home during this crisis have encountered unforeseen risks as those systems became shared-use with online shopping, kids’ schooling, and countless other needs.
Data privacy and data security *aren’t* Federal issues in the U.S. (yet)
In the European Union, the General Data Protection Regulation (GDPR) was adopted in 2016 and became enforceable in 2018, and basically, it gives more control to individuals over their personal data and simplifies the regulatory environment surrounding data protection.
However, unlike the EU, the United States does not have a federal privacy law (yet). Some U.S. states have started to follow suit. California has the most strict data privacy law of any U.S. state with the California Consumer Privacy Act (CCPA) which is intended to enhance the privacy rights and consumer protection for residents of California.
One of the biggest differences between GDPR and the CCPA is that CCPA addresses “consumers” versus GDPR which addresses “data subjects”. The term “data subjects” is much broader, and much broader on purpose. CCPA had an enforcement date of July 1st, 2020, but that became unclear as businesses have been struggling to prioritize consumer privacy, especially as the regulations could be changed again with the California Privacy Rights Act (CPRA) which is to be more strict than CCPA, and, is on the upcoming ballot in November 2020.
Only three (3) states in the U.S. have privacy laws currently in effect: California, Nevada and Maine, but many others have laws currently going through the legislation process. In general, these laws, in most cases, are not as comprehensive as GDPR. Plus, the guidelines on how companies need to comply are also fuzzy. Does your company follow the rules for the state you are headquartered in? Does your company have to follow rules for each state you do business in? Or, do you simply just implement the most strict policy from each state? The mix of legal, technical, and procedural skills needed to sort out how to react to these assorted rules is difficult to navigate and likely out of reach for all but the largest companies.
Privacy Concerns with Contact Tracing and Coronavirus
The global COVID-19 pandemic has opened the doors for global contact tracing, meant to trace and monitor the contacts of infected peoples. Manual contact tracing is labor and time-intensive, so naturally, governments are turning to smartphone apps for help.
With contact tracing, collected data is anonymized, but really only 4 data points are needed to ID most people. This raises questions about who has access to this data. Is it government agencies or law enforcement or healthcare organizations or private companies that develop these apps? The more people who handle this contact tracing data, the higher risk for human error to occur.
Imagine if every time you left the house, your local government was notified and tracked how long you stayed at each location away from your residence, and then compared that with every other person that you came in contact with? Well, it’s happening, right now, in countries around the world (gentle reminder that data can always be leaked, hacked, mis-used or stolen).
Conclusion
In the United States, the ideas of data privacy and data security have completely evolved into major issues since the concepts were introduced with the U.S. Privacy Act of 1974. From HIPAA in 1996 to COPPA in 2000, to CCPA and CPRA in 2020, it’s clear that the state of privacy will constantly be shifting.
Without Federal guidelines or resources to help smaller companies adapt, protecting consumers’ privacy will either hinder small business or be done solely as a best effort. The widespread use of the internet has disseminated your personal information across more sources, platforms and networks than you could ever know.
Now more than ever, it’s clear that future technologies and businesses need to be built and designed with data privacy in mind. Data privacy should never ever hinder innovation - it should foster the desire for tech. companies (and others) to do the right thing.
Privacy is a concern for any use of any cloud service, including Egenera. This is one of the key reasons that all Egenera cloud sites are geo-locked, keeping customer data & systems in the location of their choosing unless they request it to be moved. Although privacy laws in the U.S. are still progressing, we expect to see a Federal data privacy law that mirrors GDPR.
About Egenera
Egenera was founded in 2000 and was quickly named as one of the top 10 startups to watch in 2002. Egenera’s Xterity Cloud platform is a global public cloud offering that is built in top tier data centers with leading connectivity providers, with the mission to simplify the consumption and management of IT resources. Xterity’s simplified cloud console allows organizations to get into the cloud without certifications, developers, or system architects.
From their operations in Massachusetts & California, to Japan, the UK, and Ireland, Egenera has established a reputation within the cloud computing industry as a leader in simplified IaaS. Egenera can help organizations large or small achieve their goals by providing 24 x 7 x 365 support and learning the individual needs of your business.
Explore a simplified cloud platform and avoid hours of headaches at Egenera.com.
