Data Privacy Day

Data Privacy Day: Will U.S. Reform Help Americans ‘Own’ Their Data and Help Businesses Protect and Recover It?

Some special days on the calendar are whimsical, some are too commercialized. International Data Privacy Day is neither. It highlights a massive and unwieldy problem requiring immediate global attention from individuals, businesses, governments, and organizations of every kind: Exponential data growth in our data-filled work, lives, and world means unprecedented personal and business data exposure.  

An Immense Problem Space

First, let’s dig in and consider the data growth. Estimates in 2019 concluded that the entire digital universe in 2020 would be some 44 zettabytes of data, that is, “40 times more bytes than there are stars in the observable universe.” This sheer amount of data, structured and unstructured, and the speed of its creation threaten our capacity to control it. Its large cyber surface area and the pitfalls of its exposure — some the result of data attack and some the result of data loss — are many: data and intellectual property theft, data laundering, identity and anonymity attacks, discrimination, ransomed data, reputation damage, lost revenue, and customer exploitation of every kind. Of even bigger concern, however, is that this isn’t an exhaustive list. 

As known and unknown patterns of risk expand, the idea of privacy — being free from the observation, interference, and the intrusion of others — will become a distant memory if data protection and recovery don’t keep pace with its growth.  

Now consider Americans’ behavior and beliefs on this matter. On the one hand, Americans freely give away and potentially expose their data via apps constantly. But on the other, Pew Research reveals the public’s dismay about data collected by companies and the government.

Regarding Americans’ views of data collected by companies:

  • 81% feel they have very little or no control over data collected
  • 81% feel the potential risks of companies collecting data about them outweigh the benefits

Regarding Americans’ views of data collected by the government:

  • 84% feel they have very little or no control over data collected
  • 66% feel the potential risks of the government collecting data about them outweigh the benefits

Wow. The sense of powerlessness is high in those percentages and trust in business and government is low. Unsurprisingly, Americans want more ownership of their data and accountability for those who would misuse it or be negligent in its management. That’s why the theme of this year’s Data Privacy Day, which is spearheaded in the U.S. by the National Cybersecurity Alliance (NCSA), is “owning your data” and thus your privacy. On a larger scale beyond special days, the situation has created enormous pressure on business and government to get behind a unified strategy and tame the data behemoth.

The Push for Federal Reform

In democracies, government is tasked with addressing issues of basic public goods. Data protection and recovery are increasingly being viewed through this lens as privacy rights factor in, but the issue is unique. It intrinsically connects business and government within a tech-based reality, as both possess big data and government relies on tech business innovators to help solve challenges. Safeguarding commerce and improving Americans’ trust and sense of control by protecting data privacy are imperative for the private and public sectors. But there’s even more at stake. U.S. government and military officials view data growth, exposure, and protection as a matter of national security, especially as AI-driven competitive technologies are exploited strategically by rival nations.

Think tanks, non-profits, and executives expect the Biden administration and 117th Congress to take up comprehensive federal data protection legislation. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed the European Union’s GDPR framework. As one writer explained, “… the United States increasingly finds itself in a position that’s unprecedented since the dawn of the internet era: laggard,” while the EU aggressively pushes to become “the most data-empowered continent in the world.”

Liberty and Substance For All?

What might federal reform look like beyond aligning with GDPR? Well, there’s a model. U.S. states have historically served as experimental venues for major legislation and our most populous state, in November 2020, enhanced the California Consumer Privacy Act (CCPA) with the California Privacy Rights Act (CPRA), via voter proposition. Most provisions are set to take effect in 2023. These are voluminous laws and aggressively protective of consumers and businesses in some areas.

In a nutshell, the CPRA: adopts key GDPR principles, includes new rights protecting consumers and their data, modifies other existing rights to further protect consumers and their data, gives some relief to SMBs, establishes some exemptions, and, quite poignantly, introduces a “sensitive personal information” category that imposes new restrictions on business use of certain personal information.

Of course, federal reform may change and exceed the California model, but it’s an indicator of some key consumer and business concerns about data growth, exposure, privacy, and protection. As with HIPAA, specific to health records, and FERPA, specific to education records, (both concerned with personally identifiable information, PII), a new federal law would override any existing state legislation with which it conflicts courtesy of the U.S. Constitution’s supremacy clause and become the law of the land.

That’s what everyone wants: A united vision of data privacy and protection that clarifies priorities and requirements, instead of patchwork rules coming from every state and multiple continents.

With this new administration’s apparent will to genuinely balance stakeholder needs and especially consider the needs of the public, such a federal law, like GDPR, would help Americans “own their data.” At least in part. There’s no doubt provisions will help businesses improve existing practices with an eye toward efficiency and resiliency, and manage some forms of liability. And not least, government will probably further clarify its authority to control the impacts of cyber warfare — which is aggressive, sophisticated, and ongoing.

No Need to Panic — Innovators Are On it

As the zettabytes continue to multiply, much work in managing and securing data within a unified framework needs to be done. But the good news is that much work that’s innovative and well tested already is being done. Too much to tick off in this blog, but developments in cloud data warehousing, edge analytics, and hybrid management, as well as network cybersecurity and data protection are pivotal right now in ensuring an ecosystem that supports the privacy and integrity of data.

Additionally, there is a fundamental truth widely applicable to data and, really, to all computing, worth calling out. That is, in almost every data attack and data loss scenario, accessing known good state is crucial. When there are questions of data integrity of any kind, known good state must exist and be a measure for fixes, or the fix itself.

Rooted in that truth, Infrascale focuses on delivering world-class backup and recovery that can be spun up in minutes. Most organizations cannot afford unplanned and prolonged downtime. They need to recover as quickly as possible. Regardless of the nature or size of the business, protecting and maintaining the data is paramount. Losing critical business data can cause irreparable harm, even to the point of failure. Infrascale Disaster Recovery gives customers unlimited disaster recovery and failover testing, a patented Deduplication File System (DDFS) that’s fast (with every backup looking like full image), unlimited resource utilization, no required capital expenditure, recovery image screenshot verification, and unlimited restore points replicated to the cloud.

Consumers, businesses, and governments need this level of trusted and cost-effective data protection and recovery … to get everyone on the same page and in control of their data destinies.