What is it?
The concept that individuals own all of their personal information and have sole authority over who should have access to their information and how, when, and where it can be distributed.
Why is it important?
All organizations that deal with private health information in the US must abide by the Health Insurance Portability and Accountability Act (HIPAA)(HIPAA). In addition, the European Union’s General Data Protection Regulation (GDPR) legislation affects all organizations that deal with people in the European Union, regardless of where the organization is based. To abide by the law and to respond to customer needs, business professionals must take privacy seriously.
Why does a business professional need to know this?
Privacy is becoming ever more important as organizations collect, analyze, process, and archive large amounts of information about individuals. Personal information is collected by many organizations, including financial institutions, credit agencies, and governments.
Securing private information is one of the greatest challenges of the internet era. As cybersecurity breaches become more frequent, the entities collecting and storing personal information are at risk of unintentionally exposing private data. The Equifax breach of 2017 exposed the private data of 148 million Americans(O’Brien 2017). Once private information is exposed, it can result in a permanent loss of privacy for the affected individuals.
Privacy considerations are global in nature. The European Union has enacted the General Data Protection Regulation (GDPR)(GDPR), which addresses the concerns of people in the EU around loss of privacy. While no equivalent legislation exists in the US, some elements of the US Constitution have been applied to provide protections for some aspects of privacy. In addition, federal statutes, such as the Health Insurance Portability and Accountability Act (HIPAA)(HIPAA), have been enacted to protect information in specific areas.
There is evidence to suggest that a generational difference exists on the question of what exactly is privacy and what should (and should not) be private. Many people agree that at least some information should be kept confidential and in the sole possession of the information owner. However, younger people are believed to be more open to sharing personal details on social media platforms. This may help to explain why the US Federal Trade Commission says younger digital native
consumers are more vulnerable
to scams and more likely than any other group to have lost money to fraud(FTC 2017).
At the same time, older users tend to be skeptical about sharing information they perceive as private. The differences between generations lie in what each generation considers private information. Business professionals need to understand these differences and respect both the privacy concerns of their customers and the regulations under which their organizations operate.
References
- (Ingram 2018) Facebook says data leak hits 87 million users, widening privacy scandal: Ingram, David (2018). Reuters.
- (Rosinski 2018) Is Your Content Safe from Cybercriminals?: Rosinski, David (2018). Astoria Software.
- (FTC 2017) Consumer Sentinel Network Data Book 2017: Reported Frauds and Losses by Age, Percentage Reporting a Fraud Loss and Median Loss by Age: US Federal Trade Commission (2017). Documents cases of fraud involving financial loss by age group, as reported to the US Federal Trade Commission in 2017. Allows users to view the data at the national level (e.g., median loss from online fraud by age group) and by state (e.g., median loss online fraud by age group in Indiana).
- (Fletcher 2016) Cracking the Invulnerability Illusion: Stereotypes, Optimism Bias, and the Way Forward for Marketplace Scam Education: Fletcher, Emma and Rubens Pessanha (2016). Institute for Marketplace Trust: Better Business Bureau. PDF. An overview of consumer survey responses collected by the Better Business Bureau in 2016 that show those most likely to be victims of cyber fraud tend to be younger and better educated.
About Jay Beta
Jay Beta, MBA, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) , Certified Information Security Manager (CISM), and Payment Card Industry Professional (PCIP), has been an information security professional for 16 years in both private- and public-sector roles. He has extensive background in leadership along with IT compliance, auditing, risk management, governance, and security engineering. He currently works as a cybersecurity executive for a national financial institution.
Term: Privacy
Email: jasonbeta@gmail.com
LinkedIn: linkedin.com/in/jasonbeta