Suppose Massive Hacks Are Inevitable. What Then?
The retailer Neiman Marcus said last week that hackers had potentially accessed the data of 4.6 million customers, including names, contact information, and credit card numbers.
Suppose hackers are sophisticated enough that, even when businesses take the necessary steps to protect themselves, breaches are likely to happen. What then?
Here’s what you can do and should expect from businesses that store your data:
Businesses should devalue your data. That means encrypting it or otherwise protecting it so that, even if the company is hacked, hackers cannot immediately use or sell your personal data
Businesses should be able to tell you exactly what data they’ve stored about you, and they should only store the minimal amount of information necessary
Businesses should let you decide exactly what information you’re willing to share with them in the first place (this is why we started Reklaim)
You should be able to figure out exactly what data of yours was compromised across hacks. You can do that with Reklaim via Unveil
An increasingly popular data privacy term is zero-party data. For example, Microsoft said last week that it is focused on zero-party data as fuel for its advertising strategy.
But what the heck is zero-party data?
The “party” in zero-, first-, second-, and third-party data refers to the party from whom a company is getting data and how that data is obtained.
You’ll hear privacy-first companies tout first-party data, which is so named because the company collects it from a consumer with whom they have a direct relationship. For example, if you shop on a retailer’s website and consent to let them collect data on the items you’re browsing, the data they collect on your product interests is first-party data.
Second-party data is first-party data shared between companies. So, if Macy’s got consent to collect data on your browsing and shared it with another company, it would be second-party data.
Third-party data is collected, aggregated, and often predicted into existence by data companies and without a direct relationship between the consumer and the company storing the data. Third-party data is generally the worst enemy of privacy because it has been collected and sold many times removed from the consumer’s knowledge. Therefore, it is precisely this data that privacy rules are cracking down on and that is disappearing from the market.
That brings us back to zero-party data, which is data you, the consumer, willingly share with businesses. The privacy-aware business community likes this because it signals you’re fully conscious of the information being collected.
All that said, the privacy-first future of the economy is really simpler than that: It’s about consent. Did you, the consumer, fully consent for a company to collect data and use it in the ways they’re using it? That’s the true test for privacy-first business — and it’s what you should look for in all the businesses you patronize.