What happens when you trust companies to manage your data?

Data breaches are all too common in the news these days. They are so common that sites like haveibeenpwned.com, f-secure.com and many others have gained popularity and increased activity in recent years. We’ve heard reports of an estimated 533 million Facebook users having their data breached earlier this year, 53 million T-Mobile customers, and most recently reports of 70 million AT&T (US-based) customers impacted by an alleged data breach.

Even more alarming is the refusal by AT&T to acknowledge or validate the breach, effectively denying an incident occurred. What happens when the custodians of our data don’t own up to being hacked? That alone tells a story of who they believe “owns” your data.

ShinyHunters group claims to have data of 70M AT&T customers, Restore Privacy, 2021

Which begs the question: if we as consumers and users of services are asked to provide our written consent and opt in to companies’ privacy policies, how much do we hold them accountable to those policies? Do we actually trust them with our data?

Chances are, if your data has been breached, you may not even know about it. Companies rarely, if ever, disclose what or whose data was lost or stolen as a result of a breach. And if it’s “anonymised”, then why do we need to worry?

Certain industry sectors, such as government services and financial services, are governed by law and regulation(s), which provide some level of additional “protection” for consumers (albeit after the fact). But for most other industries, outside of providing guidelines for how data must be encrypted, stored and destroyed, what protections and penalties are in place for data breaches?

Your data is your most valuable online asset. It holds the key to your financial, health, family and personal history, present and future. Control over who has access to that information, and perhaps more importantly when they should access it, is something that every person is entitled to decide for themselves.

Over time, we’ve seen migration from lists to databases, from databases to data warehouses, and from data warehouses to data lakes (and let’s throw data marts in there too!). All are designed on the same premise: to hold and store YOUR data.

It’s worth noting that blockchain has set a trend of decentralization, and while it may not be directly applicable to personal data, there are similar principles and learnings we can apply to your personal data. At the end of the day, the question we all need to be asking ourselves is: is the person you trust the most yourself?
