Data Privacy in 2020
One of the biggest trends related to the internet in the past few years has been data privacy. And with the surge in new laws regarding the topic, the trend will only continue.
Here we will take a broad look at data privacy in 2020.
In niche fields such as health and law, there have always been laws protecting consumer data. However, until 2018 – with the introduction of the GDPR – there had not been a widespread data privacy law protecting the masses.
In 2020, continue to expect new laws to take effect, such as the CCPA (California Consumer Privacy Act). These laws will likely be similar to the GDPR in what they try to accomplish, such as:
- Transparency of how user data is collected and used
- Notification of how things such as cookies are used
- Reporting of events such as data breaches
- Requirements to allow users a path to opt out of data tracking and collection
- Allowing users to request their data be handed over to them or destroyed
- Financial accountability for violations of these laws
Carefully review these new laws as they are introduced to make sure compliance is maintained.
Another hot topic regarding data privacy is security – or more specifically how companies keep (or don’t) user data secure.
In 2019 it was documented that billions of user records were compromised or leaked. A few of the notables are:
- Capital One – 106M records
- Hostinger – 14M records
- Canva – 139M records
- Dubsmash – 162M records
- Whitepages – 18M records
- MyFitnessPal – 151M records
Unfortunately, this trend of data breaches is likely to increase in 2020 as more and more users fill the web.
So what is/can be done to mitigate this problem?
On the consumer side, we recommend implementing a few common security practices:
- Use a password manager
- Only use trusted sites
- Ensure sites have SSL certificates before submitting any sensitive data
- Use unique passwords for all subscriptions or accounts with sensitive data
- Create passwords that are at least 9 characters, with capital letters, numbers and special characters
What are websites doing?
Unfortunately, many established websites are falling behind the curve security-wise.
As already mentioned, in 2019 alone there were hundreds of millions of user records leaked. So what are websites doing to combat this?
There are too many defense mechanisms to list them all, but here are some of the notable ones:
- Protection against social engineering/organizational attacks
- Using valid SSL certificates
- Using proper encryption algorithms when necessary
- Salting and hashing passwords properly
- Validating/sanitizing user input to prevent injection attacks
- Keeping software, plugins, and code versions up to date
- Educating employees on organizational security measures