Civic News
Cybersecurity / Data / Federal government / Guest posts / Policies

Will US reform help Americans ‘own’ their data — and help businesses protect and recover it?

On International Data Privacy Day, Infrascale's director of product marketing discusses how Americans view data privacy, and the policy being developed around it.

Big data. (Photo by Pixabay user geralt, used under a Creative Commons license)
This is a guest post by Doug Braun, Reston, Virginia-based Infrascale's director of product marketing. A version of it originally appeared on Infrascale's website and is republished here with permission.

Some special days on the calendar are whimsical, some are too commercialized. International Data Privacy Day — Jan. 28 — is neither. It highlights a massive and unwieldy problem requiring immediate global attention from individuals, businesses, governments, and organizations of every kind:

Exponential data growth in our data-filled work, lives, and world means unprecedented personal and business data exposure.

A problem space

First, let’s dig in and consider the data growth. Estimates in 2019 concluded that the entire digital universe in 2020 would be some 44 zettabytes of data — that is, “40 times more bytes than there are stars in the observable universe.”

This sheer amount of data, structured and unstructured, and the speed of its creation threaten our capacity to control it. Its large cyber surface area and the pitfalls of its exposure — some the result of data attack and some the result of data loss — are many: data and intellectual property theft, data laundering, identity and anonymity attacks, discrimination, ransomed data, reputation damage, lost revenue, and customer exploitation of every kind.

Of even bigger concern, however, is that this isn’t an exhaustive list.

As known and unknown patterns of risk expand, the idea of privacy — being free from the observation, interference, and the intrusion of others — will become a distant memory if data protection and recovery don’t keep pace with its growth.

Now consider Americans’ behavior and beliefs on this matter. On the one hand, Americans freely give away and potentially expose their data via apps constantly. But on the other, Pew Research from 2019 reveals the public’s dismay about data collected by companies and the government.

Americans’ views of data collected by companies:

  • 81% feel they have very little or no control over data collected
  • 81% feel the potential risks of companies collecting data about them outweigh the benefits

Americans’ views of data collected by the government:

  • 84% feel they have very little or no control over data collected
  • 66% feel the potential risks of the government collecting data about them outweigh the benefits

Wow. The sense of powerlessness is high in those percentages and trust in business and government is low. Unsurprisingly, Americans want more ownership of their data and accountability for those who would misuse it or be negligent in its management. That’s why the theme of this year’s Data Privacy Day, which is spearheaded in the U.S. by the National Cybersecurity Alliance, is “owning your data” and thus your privacy.

On a larger scale beyond special days, the situation has created enormous pressure on business and government to get behind a unified strategy and tame the data behemoth.

The push for federal reform

In democracies, government is tasked with addressing issues of basic public goods. Data protection and recovery are increasingly being viewed through this lens as privacy rights factor in, but the issue is unique. It intrinsically connects business and government within a tech-based reality, as both possess big data and government relies on tech business innovators to help solve challenges. Safeguarding commerce and improving Americans’ trust and sense of control by protecting data privacy are imperative for the private and public sectors.

But there’s even more at stake. U.S. government and military officials view data growth, exposure, and protection as a matter of national security, especially as AI-driven competitive technologies are exploited strategically by rival nations.

Think tanks, nonprofits, and executives expect the Biden administration and 117th Congress to take up comprehensive federal data protection legislation. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed the European Union’s General Data Protection Regulation (GDPR) framework.

As TechCrunch put it: “The United States increasingly finds itself in a position that’s unprecedented since the dawn of the internet era: laggard,” while the EU aggressively pushes to become “the most data-empowered continent in the world.”

Liberty and substance for all?

What might federal reform look like beyond aligning with GDPR? Well, there’s a model. U.S. states have historically served as experimental venues for major legislation and our most populous state, in November 2020, enhanced the California Consumer Privacy Act (CCPA) with the California Privacy Rights Act (CPRA), via voter proposition. Most provisions are set to take effect in 2023. These are voluminous laws and aggressively protective of consumers and businesses in some areas.

In a nutshell, the CPRA adopts key GDPR principles, includes new rights protecting consumers and their data, modifies other existing rights to further protect consumers and their data, gives some relief to SMBs, establishes some exemptions, and, quite poignantly, introduces a “sensitive personal information” category that imposes new restrictions on business use of certain personal information.

Of course, federal reform may change and exceed the California model, but it’s an indicator of some key consumer and business concerns about data growth, exposure, privacy, and protection. As with HIPAA, specific to health records, and FERPA, specific to education records (and both concerned with personally identifiable information, PII), a new federal law would override any existing state legislation with which it conflicts courtesy of the U.S. Constitution’s supremacy clause and become the law of the land.

That’s what everyone wants: a united vision of data privacy and protection that clarifies priorities and requirements, instead of patchwork rules coming from every state and multiple continents.

With this new administration’s apparent will to genuinely balance stakeholder needs and especially consider the needs of the public, such a federal law, like GDPR, would help Americans “own their data.” At least in part. There’s no doubt provisions will help businesses improve existing practices with an eye toward efficiency and resiliency, and manage some forms of liability. And not least, government will probably further clarify its authority to control the impacts of cyber warfare — which is aggressive, sophisticated, and ongoing.

No need to panic — innovators are on it

As the zettabytes continue to multiply, much work in managing and securing data within a unified framework needs to be done. But the good news is that much work that’s innovative and well tested already is being done. Developments in cloud data warehousing, edge analytics, and hybrid management, as well as network cybersecurity and data protection, are pivotal right now in ensuring an ecosystem that supports the privacy and integrity of data.

Consumers, businesses, and governments need trusted and cost-effective data protection and recovery to get everyone on the same page and in control of their data destinies.

Engagement

Join the conversation!

Find news, events, jobs and people who share your interests on Technical.ly's open community Slack

Trending

How venture capital is changing, and why it matters

What company leaders need to know about the CTA and required reporting

Why the DOJ chose New Jersey for the Apple antitrust lawsuit

DC daily roundup: Dcode Capital's $19M; tech for sports events; the Key Bridge disaster

Technically Media