As your data gets passed around between countless third parties, there aren’t just more companies profiting from your data, but also more possibilities for your data to be leaked or breached in a way that causes real harm. The data collected by the vast majority of products people use every day isn’t regulated. Since there are no federal privacy laws regulating many companies, they’re pretty much free to do what they want with the data, unless a state has its own data privacy law.
Companies can use, share, or sell any data they collect about you without notifying you that they’re doing so. No national law standardizes when (or if) a company must notify you if your data is breached or exposed to unauthorized parties.
If a company shares your data, including sensitive information such as your health or location, with third parties (like data brokers), those third parties can further sell it or share it without notifying you.
Unlike other forms of communication, such as physical mail, online privacy and security are more difficult to govern. This can leave individuals vulnerable to an invasion of privacy.
Currently, privacy laws are a cluttered mess of different sectoral rules.
1974 - U.S. Privacy Act of 1974: Rights and restrictions on data held by government agencies
1996 - Health Insurance Portability and Accountability Act (HIPAA): Healthcare and health insurance personal data protection
1999 - Gramm-Leach-Bliley Act (GLBA): Protects financial nonpublic personal information (NPI)
2000 - Children's Online Privacy Protection Act (COPPA): Protects the personal information of those age 12 and younger
Currently, a total of seventeen states have passed comprehensive data privacy laws in the United States: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, Delaware, New Hampshire, New Jersey, Kentucky, and Nebraska.
Data privacy is the protection of personal data from those who should not have access to it and the ability of individuals to determine who can access their personal information. Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.
Data privacy is typically associated with the proper handling of personal data or personally identifiable information (PII), such as names, addresses, Social Security numbers and credit card numbers. However, the idea also extends to other valuable or confidential data, including financial data, intellectual property and personal health information. Vertical industry guidelines often govern data privacy and data protection initiatives, as well as regulatory requirements of various governing bodies and jurisdictions.
A data breach occurs when one or more individuals are allowed to read data they are not authorized to access. Once they can read the data, they can steal it and often make changes to it. Depending on the type of data involved, the consequences can include destruction or corruption of databases, the leaking of confidential information, the theft of intellectual property and regulatory requirements to notify and possibly compensate those affected.
Business data only becomes a target when it is of value to a third party. Different kinds of data are more or less valuable to third parties and represent different levels of risk to a business.
Intellectual Property
Product drawings and manuals, specifications, scientific formulas, marketing texts and symbols, proprietary software and other material that the business has developed.
Competition Information
Data on competitors, market studies, pricing information and business plans.
Legal Information
Documentation on court cases the company may be pursuing, legal opinions on business practices, merger and acquisition details and regulatory rulings.
Personally Identifiable Information
Data such as Social Security numbers, contact information, birth dates, education and other personal information.
IT Security Data
Lists of user names and passwords, encryption keys, security strategies and network structure.
Financial Information
Charge card numbers and expiration dates, bank accounts, investment details and similar data.
Health Information
Details on health conditions, prescription drugs, treatments and medical records.
DATA BROKERS
A data broker, sometimes called an information broker, is a business that collects personal data from various sources, processes it, and sells it to individuals or companies for marketing, risk mitigation, and other purposes. Some of the largest data brokers in the US are Acxiom LLC, Epsilon Data Management LLC, Oracle America Inc., Equifax Information Services, LLC, Experian LLC, and CoreLogic.
Data brokers typically aggregate information through what’s publicly available on the internet and by buying it from other organizations, such as credit card companies. Common avenues for data sourcing are social media sites, public records, loyalty programs, and mobile apps.
After data brokers have aggregated your personal details, they’ll use machine learning to identify patterns and dissect this information into audience segments. These audience segments are then often sold to AdTech companies, such as Epsilon and Red Ventures, that use these groupings to market products to prospective customers.
Other types of organizations purchase data from brokers, too. According to a Business Insider report, several US government agencies, such as the FBI and the Department of Homeland Security, are clients of Venntel, a massive US-based data broker.
Your data in bits and pieces is not worth anything on its own, but a complete data profile of you and your buying habits is extremely valuable to marketers, employers, landlords, banks, and others.
The US data bridge will ensure that high standards of protection for personal data are maintained when the data is sent to certified US organizations. Any US company that elects to receive UK data under the data bridge will be required to maintain those standards.