What is Data Privacy?
GDPR is the data privacy regulation at the moment. Worldwide, it is the strictest regulation
regarding how businesses must act and the rights citizens have with respect to their data.
To better understand the regulation and how it came into being,
it’s important to further understand data privacy itself.
Defining Data Privacy
Data is simply another word for information. It can be any type of information; the number of people on the planet, the weight of an elephant or the probability that it might rain tomorrow. You can find data anywhere you look. In today’s world, however, when we talk about data, we frequently think about information that goes into a device, gets stored in a computer or “processed” to do a task, and may be sent through the Internet to help us get things done.
This, of course, speeds up the way in which we live and work. The concern is that, while the information about the elephant is not particularly sensitive (well, except to the elephant perhaps), there’s a lot of information about people which is considered personal – information that we don’t typically share unless there is a reason to do so. This is the information that identifies us to the rest of the world – physically, financially, spiritually, politically or otherwise. The term for this type of information is “personally identifiable information.”
So, the thought behind data privacy in general is that this type of sensitive information should be private, which, according to the dictionary, means that it is “intended for or restricted to the use of a particular person, group or class.” Therefore, data privacy is all about restricting the use of this personal information.
The Beginnings of Data Privacy Legislation
Nowadays, when we hear the phrase data privacy, we immediately think of Facebook advertising scandals or the Equifax disaster that left millions of customer records exposed. That’s what the media focuses on, and addressing situations like this is among the problems society aims to solve today.
The fact is, however, data privacy has been a concern since the late 1800s. At that time, information was distributed differently than today – by newspaper.
Of course, the newspaper was novel at the time, as was photography. Prior to its printing, stories, facts and images could not be shared in such a quick, far-reaching manner. All of a sudden, it became possible for a story to be published that told how Myrtle hadn’t paid her debt to the local shopkeeper. Previously, that situation would have been an issue between Myrtle and the shopkeeper only. But now there was a possibility of it becoming public knowledge. As that happened, questions about the legality and ethics of sharing information began to unfold.
Two United States lawyers authored an article called The Right to Privacy in 1890, in which they explored this topic. They stated that individuals had the “right to be left alone,” and began to examine questions about what privacy means, one’s rights with respect to privacy and the limits privacy has.
With each new technological step, questions about people’s privacy have been raised. Early on, telegraph tapping caused concern. Lithographs had people asking if it was OK to use their images in advertisements. The telephone instigated discussion about wiretapping and government surveillance. And, in the 1960s, computers and their ability to store information came into question.
In the United States the first notable modern step toward information privacy actions was the Freedom of Information Act of 1966, which recognized medical and criminal record data as private. On the heels of this, the United States Congress passed the Privacy Act of 1974, which began to recognize the responsibility of the government to be forthright in its collection of personal data and the right of individuals to gain access to and/or correct any data being stored. Multiple United States laws have evolved since this point, addressing specific situations like financial and medical records, credit reporting, how data is used by computers, etc.
Then, as the Internet took center stage in the early 1990s, a flurry of new legislation took hold, sorting through issues pertaining to the transmission and use of data. From the advent of “cookies” to the use of email, information about who we are, what we’re doing and how we live was being collected and used at a furious pace. Addressing this was the impetus behind the European Union’s Data Protection Directive in 1996. This offered comprehensive protection to EU citizens. It was unique in that it did not focus on a specific type of data; rather it had a far broader scope. It was the precursor to GDPR, which is the most modern and complete data privacy regulation in the world at this time.
What Can I Do?
Individuals and Their Role in Data Privacy
While legislation can certainly help ensure that data privacy remains an important focus, individuals must also take ownership of their own data and its management.
Get educated. It’s no longer only IT professionals who need to know how data works. Anyone who is engaging online – shopping, sending email, watching videos, or signing up for a newsletter – needs to be aware that each action is trackable and every piece of information we share can be saved. Learn about your data rights and consider how/when you may want to use these.
Be proactive. While data privacy laws have a lot to do with how data is shared from an individual to a company, there are also concerns about data being stolen by criminals. Take all necessary precautions to guard against this, because, once your data is out in the open, there is no getting it back: change passwords, use online safety tools, check your credit report, review privacy settings in your browser and social media channels. (More tips)
What Can We Do?
Businesses and Their Role in Data Privacy
Of course, businesses will now focus on compliance – with GDPR or any other newly created law/regulation that impacts their region or industry. Generally speaking, however, businesses must:
Take action. The question is no longer if there will be data privacy legislation that impacts businesses so much as what the requirements will be. As these come to light, businesses must continually evaluate their current data handling processes, take steps to strengthen security measures, and document each action to prove compliance.
Look to the future. Businesses should view the recent onslaught of data privacy discussions as a wakeup call. This is a cry by consumers who are no longer willing to allow businesses to profit from their personal data. While initial compliance may take the form of processes and paperwork, in time it could change how companies do business. Think about the fact that one day your business may not have continuous access to personally identifiable information. How will you adapt to such a change?