The future of data protection is uncertain, considering the rapid pace of technological change and how it makes it difficult for businesses to keep up with emerging data security threats.
Combine this with the instability of the political landscape of data privacy regulation and imagine what the world will be like five years from now.
In this article, we shall explore the current state of data protection regulation in the US as well as the role of businesses in securing consumer data in the face of technological advancements that pressure them to do otherwise.
Since the introduction of the European General Data Protection Regulation (GDPR) in 2018, there has been significant concern about the establishment of similar data laws in the US and other countries in order to meet current realities.
In fact, the US still does not have a federal, overarching law that regulates all data usage by businesses across the country. Instead, what exists is a patchwork of regulations being initiated by various states.
The California Consumer Privacy Act was the first to be introduced, and to a great extent, it was modeled after the GDPR.
Since then, other states have attempted to introduce their own set of regulations as well, with a significant number of laws having come into effect in July 2023.
As it stands, some states have either passed or signed data privacy regulation bills into law, while a few more have it in the working. So, the state of data privacy legislation in the US looks like the map below:
Image - iapp
The majority of states have considered no such bills; although it is expected that in a few years, all states would have fallen in line. The chart below visualizes the growth of privacy regulation bills in the United States:
Image - iapp
The worry now arises from the fact that companies operating across multiple state borders must comply with multiple legal requirements.
This could create a complex compliance burden, particularly for smaller businesses with limited resources.
It can also lead to confusion among consumers, who may not fully understand their rights and how their data is being handled across different jurisdictions.
However, even though state-level privacy bills may differ in certain aspects, they also share common elements due to the nature of the privacy concerns they seek to address.
For one, just like the GDPR, there is an emphasis on data privacy as a right of individuals providing their data. And, as such, consent is a big deal.
And so is data security.
According to a report, trust in brands has dropped, and consumers typically cite the misuse of their personal data as responsible for their lack of trust.
Businesses today work in a very different reality from what was obtainable 50 years ago, or even 10 years ago. Perhaps what most characterizes technological innovations today is the existence of big data.
This is a world where everything is smart, as there are now multiple sources of digital data collection: phones, computers, watches, IoT devices, cars, even furniture pieces, etc.
To handle this enormous amount of data, organizations train super machine learning models for various tasks: ‘search algorithms, recommendation engines, adtech networks’, etc.
Plus, the introduction of generative AI (popularized via OpenAI’s ChatGPT) has again brought data protection to the forefront.
Are organizations capable of guaranteeing the privacy rights of consumers in the face of technology that magnifies and even incentivizes privacy intrusion?
If, perhaps, organizations were not collecting as much data because they lacked the computing power to process it all, what happens now that artificial intelligence has brought astounding power and speed to the process?
More so, how do they secure all the data they are collecting? Several solutions have been introduced over the years.
And so far, what we have learned is that the most important factors for data security today are visibility, data loss prevention, context awareness, and real-time incident response.
In fact, this is why data detection and response solutions evolved as an improvement over traditional endpoint detection technologies that are not sufficient to meet contemporary needs.
Besides the sheer gargantuan amount of data available, here are some of the popular challenges organizations face in securing data:
1. Cybersecurity threats have become more sophisticated. Even malicious actors have jumped on the AI revolution to launch deadlier, subtler, and more precise attacks than they ever have.
2. Corporate culture: several organizations now let employees work remotely at least part of the time, creating a dispersion of endpoints and increasing the complexity of maintaining high-level security.
3. Insider threats (both unintentional and malicious) are increasing; in fact, they’re up by 50% in the last two years. Organizations still find it difficult to hold employees accountable or even implement security models that grant access on a need-to-know basis.
4. Budgetary constraints are also an important factor. In the last few years, the world has been hit by a global pandemic and economic crises that have compromised the finances of many organizations and led them to deprioritize data security.
As we are now seeing with artificial intelligence, there’s no technological innovation that can be viewed as an absolute win against malicious actors and cyber attackers.
Rather, attackers will always adapt, using that very innovation to launch further, more advanced attackers, and businesses must adapt to this reality.
What this means, in essence, is that there is no end to the work that is cybersecurity. It will always be continuous.
And as businesses launch new products, acquire patents, or expand their customer base, they must constantly think of the additional risks that they are incurring.
One particularly interesting development in the past few years – one that will be key to sustainability – is that cybersecurity has moved from a worry confined to the IT team and now has the management’s proper attention.
This is evidenced by the introduction of CISO (Chief Information Security Officer) roles across several organizations.
Experts in such positions are well-placed to ensure that data protection remains a major concern for their organizations even as they feel the pressure to be market leaders and gain an edge over their competitors.
The issues highlighted in this article show that businesses need to take data protection seriously; more seriously than they have ever done.
Data breaches have a devastating impact on businesses, both financially and with respect to their reputation.
But more importantly, they put the lives of consumers at risk. And all these must be considered as organizations continue their endless, frantic race to innovate at all costs.