Consumers are fatigued from data breaches, ransomware attacks, and data misuse scandals, and are anxious about their privacy. Now a trio of surveys show U.S. consumers are losing trust in organizations to protect their personal information and support government regulation of the companies that collect it.
More than four out of five consumers say they are concerned about how companies use their data, according to an IBM Institute for Business Value survey. Three-fourths of respondents say they do not trust companies with their data, notes an Axios report on the survey.
Those concerns are echoed by a survey of 1,000 U.S. adults by security hardware company nCipher Security. One in five respondents say they don't trust anyone to protect their data, with more than two-thirds concerned about identity theft. "Consumers are grasping for a semblance of control," says Peter Galvin, nCipher's chief strategy and marketing officer.
Respondents to both these surveys want companies to be held accountable for protecting their data. In the IBM survey, 87 percent of respondents say governments should regulate companies that manage personal data. Nearly 40 percent of nCipher survey respondents say organizations should fire their chief information security officer following a breach by an intruder. The same percentage say hacking should be a federal offense and that C-level executives should be fined or imprisoned for failing to protect data.
The Problem With Facebook
One case in point is Facebook, which has drawn the ire of legislators, regulators, and consumer and privacy advocates over the past year. Facebook's troubles began with reports that U.K. research firm Cambridge Analytica had obtained personal data on tens of millions of Facebook users and built profiles on them before the 2016 U.S. presidential election. Similar privacy lapses have emerged since then, despite Facebook executives' assurances to the U.S. Congress and European Commission that the company was working to ensure users' privacy.
Now with Facebook CEO Mark Zuckerberg recently touting a more "privacy-focused social network," a Consumer Reports survey finds that one-fourth of Facebook users say they are very concerned about the amount of personal data Facebook collects about them. They're just not willing to do much about it, themselves.
For example, only 10 percent of Facebook account holders surveyed stopped using Facebook after learning about the Cambridge Analytica scandal, Consumer Reports found. By far, the biggest reason for staying with Facebook was it was the easiest way to stay connected with people, respondents say.
While they didn't quit, 70 percent report they have changed how they use Facebook. Forty-four percent surveyed say they have revised their privacy settings and nearly 40 percent have cut back on posting and viewing content, and turned off location tracking on Facebook's mobile app.
Companies Leaking Data
Consumers might act differently if they knew how frequently organizations compromise their data. In a recent U.S. survey conducted by Opinion Matters, 83 percent of security professionals say their organization has accidently exposed customer or business-sensitive data.
The study, commissioned by Boston-based security firm Egress, blames the proliferation of unstructured data contained in emails and document files combined with the number of internal and external channels that employees can communicate through. This combination "has made it easier than ever for employees to share data beyond traditional security platforms," says Mark Bower, chief revenue officer for Egress.
The survey notes five technologies that have contributed to accidental data breaches by employees: external email services such as Gmail and Yahoo Mail, corporate email, file-sharing services, collaboration platforms such as Slack and Dropbox, and messaging apps.
Most respondents say their organizations have implemented new security policies, and invested in security technologies and employee training. What they haven't done is encrypt data. Nearly 80 percent share sensitive data internally without encryption, and almost two-thirds share it externally without encrypting it. Without encryption, an employee mistake is more likely to result in data exposure, the survey notes.
With the European Union's General Data Protection Regulation in effect and other laws due to come online in the next year, organizations will need to plug these data leaks or pay a stiff price (see "GDPR's Global Reach" in the April issue of Internal Auditor). As these surveys indicate, consumers are growing tired of unfulfilled privacy promises and want companies and governments to act.