If Everyone’s Getting Hacked, Maybe They Shouldn’t Keep All That Data
According to a recent Irish study, 61% of organizations suffered a data breach last year.
I highly doubt that high of a number is unique to Ireland. I would not be surprised if it was higher in some other places. The truth is the chance that you have had your personal information lost due to a hack or other type of data breach is probably close to 100%.
In all the discussion about digital security, the one question that I rarely ever see asked by anyone in this industry is whether these organizations should be hanging on to this information to start with?
Granted, there are always certain types of records that need to be kept, but I would like to see us all have a real conversation about how much data companies keep, especially online companies. The Big Data revolution encourages companies to keep everything. The more data they have about their customers and site visitors, the more they know exactly how to sell us more stuff.
They have a vested interest in keeping everything we’ve ever done. They have records of every purchase, every item we’ve even looked at, and now they even track us when we aren’t even on their site through the use of beacons. They compile all that data to know what works, what doesn’t work, etc.
They only nominally asked our permission to do that, by the way. Usually it was hidden paragraphs deep in a Terms of Service that makes no sense to anyone.
That’s a privacy problem, to start with. The larger problem, however, is that all of these companies, with all of this information, will eventually lose it. Part of that will always be inevitable; it’s the price we pay in this connected age. Some of it, though, could be avoided. When my credit card information, or my username and password, are part of a data leak from a company that I haven’t done business with in years, why is that information still there? Why can’t I simply use my credit card to make my purchase, and once a limited time that would be needed to cover any disputes passes, it’s no longer sitting in the company’s database?
Seriously, how useful is it to me to be able to see what I purchased on Amazon in 2002?
Some other areas where maybe we should question why we don’t have a time limit on holding on to data:
- Why does a site I haven’t logged into in years keep that account information?
- Why do employers keep Social Security numbers for former employees forever?
- Why do government agencies keep data forever? (Tax records, Census Records, etc.)
- How long should banks and credit card companies keep records of transactions and purchases?
I’m not saying every organization should stop collecting and keeping any kind of data. There are some legitimate uses for hanging on to it, and even some legal requirements. But as we move further and further into the Big Data/Artificial Intelligence age, I think we all should be able to step back and question just how much of our information is going to be sitting in these large repositories, and how long it’s going to be there, at risk of being breached.
It’s our information, after all. Shouldn’t we get some say in how it’s managed?