A recent study by security firm Carbon Black found that 84% of companies polled had suffered a data breach within the last year. Yet, while data breaches are becoming more common, most of us have done little to change our internet habits to protect our personal data. In this article, Sophie Lalor-Harbord looks at why protecting your data is becoming increasingly important.
We all know how data breaches affect businesses, from regulatory penalties, reputational issues, drops in share price to costs of dealing with investigation and compensation. But how do breaches affect individuals and why should we care?
The most obvious reason why we need to protect our devices and online accounts is to secure our financial identity. Phishing scams, luring people into providing private data (such as credit card information), are becoming more common and the more information we make public online, the more vulnerable we are to such scams.
When it comes to data that is less obviously sensitive, it might be easy to think “well I have nothing to hide, so it doesn’t matter”. But in reality, we all have something to hide, whether it is how much money we earned last year or that we watched every episode of last season’s Love Island. And even if we don’t think we have anything to hide now, we might do in the future. The fact is, we should all have control over who knows what about us.
While many of us are lucky to be able to say that our childhood was not documented on social media, we need to be mindful of the impact that our online presence might have on our children. For example, if your child wants to run for political office one day, which of your online posts or photos could be used against them to damage their reputation? And do we trust that what we have posted online to a select group of friends/family will still only be available to those people in 15 years’ time? As Bitcoin engineer Jameson Lopp (who lives his life ‘off-grid’) recently said: “The biggest issue is that you don’t know what might become an issue.”
Perhaps the scariest thing about the fact that organisations can and have been monitoring our online presence is that it might change our behaviour. Even information we don’t actively share, such as our browsing history, is used to feed us advertising that makes us more likely to spend money online. The fact that we buy something that we might not otherwise have bought because of targeted advertising is one thing, but the fact that we might not look something up on a search engine for fear of someone watching is another. It is a slippery slope.
Finally, our data is valuable. While we might choose to provide it in return for ‘free’ online services, that doesn’t mean that the providers of those services should be entitled to sell it on. If our data is used without our permission or something goes wrong and it is stolen, we have the legal right to be compensated. For example, in the case of Richard Lloyd v Google LLC [2019] EWCA Civ 1599, which is going through the English courts at the moment, it is suggested that iPhone users who were subject to Google’s unlawful tracking should be compensated £750 each.
Protecting our data and being conscious of what we put online and how it might be perceived, used or passed on is crucially important if we are to remain financially secure and able to manage our own reputations and identities.
