Some special days on the calendar are whimsical, some are over-commercialized. International Data Privacy Day, recognized each year on Jan. 28, is neither. It highlights a massive and unwieldy problem requiring immediate global attention from individuals, businesses, governments and organizations of every kind: exponential data growth in our data-filled work, lives and world means unprecedented personal and business data exposure.
First, let’s dig in and consider the data growth. Estimates in 2019 concluded that the entire digital universe in 2020 would be some 44 zettabytes of data, that is, “40 times more bytes than there are stars in the observable universe.” This sheer amount of data, structured and unstructured and the speed of its creation threaten our capacity to control it. Its large cyber surface area and the pitfalls of its exposure—some the result of data attack and some the result of data loss—are many: data and intellectual property theft, data laundering, identity and anonymity attacks, discrimination, ransomed data, reputation damage, lost revenue and customer exploitation of every kind. Of even bigger concern, however, is that this isn’t an exhaustive list.
As known and unknown patterns of risk expand, the idea of privacy—being free from the observation, interference and the intrusion of others—will become a distant memory if data protection and recovery don’t keep pace with its growth.
Generally, public is dismayed by the way their data is handled by businesses
Now consider Americans’ behavior and beliefs on this matter. On the one hand, Americans freely give away and potentially expose their data via apps constantly. But on the other, Pew Research reveals the public’s dismay about data collected by companies and the government.
Regarding Americans’ views of data collected by companies:
- 81% believe they have very little or no control over data collected; and
- 81% believe the potential risks of companies collecting data about them outweigh the benefits.
Regarding Americans’ views of data collected by the government:
- 84% believe they have very little or no control over data collected; and
- 66% believe the potential risks of the government collecting data about them outweigh the benefits.
Wow. The sense of powerlessness is high in those percentages, and trust in business and government is low. Unsurprisingly, Americans want more ownership of their data and accountability for those who would misuse it or be negligent in its management. That’s why the theme of this year’s Data Privacy Day, which is spearheaded in the U.S. by the National Cybersecurity Alliance (NCSA), is “Owning Your Data” and thus your privacy. On a larger scale beyond special days, the situation has created enormous pressure on business and government to get behind a unified strategy and tame the data behemoth.
The push for federal reform
In democracies, government is tasked with addressing issues of basic public goods. Data protection and recovery are increasingly being viewed through this lens as a privacy-rights factor, but the issue is unique. It intrinsically connects business and government within a tech-based reality, as both possess big data and the government relies on tech business innovators to help solve challenges. Safeguarding commerce and improving Americans’ trust and sense of control by protecting data privacy are imperative for the private and public sectors. But there’s even more at stake. U.S. government and military officials view data growth, exposure and protection as a matter of national security, especially as AI-driven competitive technologies are exploited strategically by rival nations.
Think tanks, non-profits and executives expect the Biden administration and 117th Congress to take up comprehensive federal data protection legislation. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed the European Union’s GDPR framework. As one writer explained, “the United States increasingly finds itself in a position that’s unprecedented since the dawn of the internet era: laggard,” while the EU aggressively pushes to become “the most data-empowered continent in the world.”
Liberty and substance for all?
What might federal reform look like beyond aligning with GDPR? Well, there’s a model. U.S. states have historically served as experimental venues for major legislation and our most populous state, in November 2020, enhanced the California Consumer Privacy Act (CCPA) with the California Privacy Rights Act (CPRA), via voter proposition. Most provisions are set to take effect in 2023. These are voluminous laws and aggressively protective of consumers and businesses in some areas.
In a nutshell, the CPRA: adopts key GDPR principles, includes new rights protecting consumers and their data, modifies other existing rights to further protect consumers and their data, gives some relief to SMBs, establishes some exemptions and, quite poignantly, introduces a “sensitive personal information” category that imposes new restrictions on business use of certain personal information.
Of course, federal reform may change and exceed the California model, but it’s an indicator of some key consumer and business concerns about data growth, exposure, privacy and protection. As with HIPAA, specific to health records and FERPA, specific to education records, (both concerned with personally identifiable information, PII), a new federal law would override any existing state legislation with which it conflicts courtesy of the U.S. Constitution’s supremacy clause and become the law of the land.
That’s what everyone wants: A united vision of data privacy and protection that clarifies priorities and requirements, instead of patchwork rules coming from every state and multiple continents.
With this new administration’s apparent will to genuinely balance stakeholder needs and especially consider the needs of the public, such a federal law, like GDPR, would help Americans “own their data.” At least in part. There’s no doubt provisions will help businesses improve existing practices with an eye toward efficiency and resiliency and manage some forms of liability. And not least, the government will probably further clarify its authority to control the impacts of cyber warfare—which is aggressive, sophisticated and ongoing.
No need to panic; innovators are on it
As the zettabytes continue to multiply, much work in managing and securing data within a unified framework needs to be done. But the good news is that much work that’s innovative and well tested already is being done. Too much to tick off in this blog, but developments in cloud data warehousing, edge analytics and hybrid management, as well as network cybersecurity and data protection are pivotal right now in ensuring an ecosystem that supports the privacy and integrity of data.
Additionally, there is a fundamental truth widely applicable to data and, really, to all computing, worth calling out. That is, in almost every data attack and data loss scenario, accessing known good state is crucial. When there are questions of data integrity of any kind, known good state must exist and be a measure for fixes, or the fix itself.
Rooted in that truth, Infrascale focuses on delivering world-class backup and recovery that can be spun up in minutes. Most organizations cannot afford unplanned and prolonged downtime. They need to recover as quickly as possible. Regardless of the nature or size of the business, protecting and maintaining the data is paramount. Losing critical business data can cause irreparable harm, even to the point of failure. Infrascale Disaster Recovery gives customers unlimited disaster recovery and failover testing, a patented Deduplication File System (DDFS) that’s fast (with every backup looking like full image), unlimited resource utilization, no required capital expenditure, recovery image screenshot verification and unlimited restore points replicated to the cloud.
Consumers, businesses and governments need this level of trusted and cost-effective data protection and recovery … to get everyone on the same page and in control of their data destinies.
This article is based on industry information from Infrascale, a cloud-based data protection company providing backup and disaster recovery solutions. It specializes in current challenges facing Americans when it comes to data privacy and their own solutions.
Editor’s note: eWEEK is testing Industry Perspective as a beta-type feature. Let us know what you think at [email protected]