back
You typically think of healthcare or financial services companies as data-rich environments. And they are. But you yourself actually create data from the moment you wake up. You set the wake-up alarm on your phone. Maybe you look at your sleep app to see how much deep sleep you logged last night. You tell Alexa to start the coffee, and you take a quick look at the weather site. With every action, you’re creating data that’s stored somewhere. According to Domo1, on average, every human created at least 1.7 MB of data per second in 2020.
Those are just “everyday” actions. Now suppose you book a hotel room for an upcoming trip. You use your member ID to log in and make your reservation. The booking now places you at a specific hotel property for defined days or nights in the future. The hotel chain very likely shares your data and interactions with airline, car rental, or other partners. That data about you is being proliferated to places that you don’t know about.
You might think that’s not such a big deal, until you realize just how far and in how many places your data can be found. According to Statista, there is 10% unique and 90% replicated data2 in the global datasphere. Between 2020 and 2024, the unique/replicated data ratio is projected to change from 1:9 to 1:10. Your booking data might now exist in nine or 10 other places.
All that data never really dies. Data fingerprints of our actions, purchases, and communications are stored…somewhere…by someone. Who has it? What do they do with it? Many companies analyze collected data to glean insight for increasing sales and marketing success. As storage gets cheaper and compute power gets faster, it’s easy to keep data “just in case.”
As organizations hold this data, they’re responsible for it. How well are they protecting it? What if it’s breached? It’s one thing if the organization that you interacted with directly is breached, because you provided them with your personal data. If one of their partners is breached, now your data was lost by an organization that you might never have even heard of. Chances are, the fine print about sharing data with partners is included in the original company’s website terms and conditions or privacy policy that you agreed to in order to use the site. It would be difficult to hold the company accountable without a court battle. But even if you won, you can’t bring your data back into custody. It’s already in the hands of fraudsters and dark web denizens.
Protecting privacy is emerging as a critical issue for everyone—companies and individuals alike. Businesses that create data about someone or are allowed by their customers to create data about them are responsible for that data. That’s the genesis of many state and foreign privacy laws, such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). If that data is breached, the organization is at risk.
To complicate matters, what if future laws are adopted to cover specific data that isn’t protected now? Take a grocery store, for example. They might store customer records that detail everything you’ve purchased there—food, pharmacy items, alcohol, gas, or cigarettes. There are not laws regulating individuals’ grocery purchasing data (although pharmacy prescription data would be covered by HIPAA regulations). Suppose a law regulating personal consumption of a product—alcohol or toilet paper—is passed in the future. The grocery store is breached, and now, the purchasing history of every individual who bought more than the regulated amount of a product is public. Is the grocery store retroactively responsible for it?
These are big questions and we don’t have all the answers. What we do have is a way to know exactly where data proliferates, who has it, and how it’s used. For businesses, having proof of your ability to surveil the organization’s data is a huge step forward in protecting company assets and customer privacy. Consumers don’t yet have the power to find, secure, or delete data about themselves once it has been proliferated by organizations that hold it. Obviously, our job isn’t done yet.
Let us show you how data surveillance delivers data assurance. We should talk.