On Data Privacy Day, here's a reminder that you have none

Or at least very little.

Laura Hautala Former Senior Writer

In 2018, there were 1,244 publicly reported data breaches affecting US companies and consumers. Those breaches exposed more than 446 million records.

That's according to the Identity Theft Resource Center, a nonprofit that helps people deal with the consequences of having their data stolen and used to impersonate them. The group's annual data breach report came out Monday, just in time for Data Privacy Day.

It's worth noting that those are just the publicly reported breaches. What's more, a good portion of them don't include a full tally of the number of records exposed. In other words, the problem is almost certainly much, much worse.

So it's a great time to pause and reflect on something that's been staring consumers in the face for years. Companies are collecting tons of data on you, and then criminals are stealing it from the companies. Data privacy? What data privacy?

That much is clear from the trove of 773 million login credentials that data breach expert Troy Hunt found posted publicly on a popular cloud sharing service. Amassed from more than 2,000 different data breaches, the stockpile included logins from as long ago as 2008. It's also clear from the big breaches of 2018, which included hackers accessing 30 million Facebook accounts, stealing 429,000 credit card records from British Airways customers and nicking the passport numbers of more than 500,000 people from a database owned by Marriott. All those things could help identity thieves impersonate people and create chaos in their lives.

Informed choices

Eva Velasquez, president and CEO of the Identity Theft Resource Center, said that one important step companies can take to improve things is to tell consumers everything about what data they're collecting on them. That'll let them make much more informed decisions about what services to use, especially when they consider what could happen if hackers stole that data.

"It's an insult to our consumer constituency to say, 'You don't really need to know that,'" Velasquez said. "You need to let me make that decision of whether to engage with your platform."

Next, she said, companies need to re-evaluate the kinds of data they hold onto, and for how long. Having a plan to delete unnecessary data prevents the info from falling into the hands of hackers. Finally, companies need to publicly disclose detailed information about data breaches much more frequently than they already do.

Shifting toward privacy

It'll take pressure from consumers and advocacy groups, as well as political will from lawmakers, for those changes to be broadly adopted. That's where there are some signs of possible change on this year's Data Privacy Day.

Consumers are more concerned about data privacy since last year's stream of privacy nightmares -- like the Cambridge Analytica scandal, in which Facebook users learned how extensively their personal data had been mined by the third-party apps their friends were using.

On top of that, this past June California passed the nation's strictest data privacy law. After that, tech companies asked lawmakers to pass a federal data privacy bill to bring the whole country under one set of privacy regulations. So far, Democrats have proposed several bills, as has Florida Sen. Marco Rubio, a Republican. In Europe, the General Data Protection Regulation is having an impact on how tech companies around the world treat personal data.

Hackers gonna hack

Even if one of those laws passes, it's possible, if not likely, that there'll be even more than 446 million records exposed in data breaches in 2019. There'll always be plenty of your data for criminals to hack, because organizations will keep collecting it.

Your data is extremely valuable to companies, which have an incentive to keep collecting it to make their products more convenient and tailored to your preferences, and to use it to personalize the ads you see. Hackers have an incentive to steal it so they can make money off it illegally.

With a dynamic like that in play, it's easy to keep wondering, what data privacy?
