Does Privacy Still Matter in a Post-Breach World?
Posted February 10, 2016
Privacy is currently an extremely hot topic. From public outrage over government surveillance techniques, to the way companies like Facebook store and use our data, to the illegal selling of identity credentials on the dark web. Personal information is everywhere, floating in the ether of cyberspace and companies are being forced to do more to look after our data.
The European Commission, for example, is aiming to strengthen and simplify current data protection laws with the reformed General Data Protection Regulation (GDPR). The regulation is more comprehensive in its scope and covers all businesses that hold or process personal data in the EU, having implications for businesses the world over.
Yet in this digital age of constant, high-profile data breaches, has the concept of data privacy died a death? Surely it is now impossible to really safeguard our data? Should we continue to control who uses our personal information when many of us so freely give it away in exchange for the latest social media game or meme? Anyway, does it really matter?
Glenn Greenwald, in his Ted talk “Why privacy matters”, observes “…the people who say that… privacy isn’t really important, they don’t actually believe it, and the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions they take all kinds of steps to safeguard their privacy*.” Perhaps this is the differentiation. Data, and the way you transact online, reveals a lot about your identity as a whole, particularly as connected devices have made the online world such an integral part of our daily lives. Privacy isn’t just about safeguarding information, it is about protecting our identity and maintaining a level of trust with the businesses we transact with. So if we ask again, does privacy still matter, the answer should be unequivocally yes!
If privacy still matters, even in this complex climate of trading information, signing up for ever more online accounts, and risking our data being shared illegally following a security breach, how can organizations really keep our identities safe?
In an increasingly digitized world, we are leaving complex data footprints as we transact daily across a range of brands and websites. Our digital identity reveals a wealth of information about how, where and why we transact, and has the ability to be constantly updated and refined to account for minute changes to our online behavior.
The trouble is, many businesses still rely on static, outdated assessments of our personal information, such as credit check reports. Yet these are virtually ineffective in a post-breach world, and are often already being bought and sold by cybercriminals. It’s ironic that fraudsters are now more adept at passing step-up authentication questions than legitimate customers.
Fraudsters may steal a snapshot of this information, perhaps a username or a password, or the method we transact with a particular company. Yet if we are clever enough to look at identity data holistically, through time and across all geographies, cybercriminals can’t possibly keep up.
ThreatMetrix has a unique approach to fighting fraud, all the while maintaining data privacy. The ThreatMetrix Digital Identity Network uses the power of anonymized global shared intelligence to give organizations the upper hand in the fight against cybercrime even though no PII is ever divulged. ThreatMetrix is able able to analyze millions of daily consumer interactions including logins, payments and new account applications without even touching any personal data.
ThreatMetrix builds a unique digital identity for every user by analyzing the myriad connections between devices, identity information, behavior and threat intelligence.
However, our cloud-based solution anonymizes all personal information, meaning businesses can make connections between devices and transactions, or email address and locations, without sharing any of the PII itself.
Ultimately, digital businesses need digital identities in order to provide the level of trust that users should demand to protect their online transactions. Digital identities are essentially an online thumbprint; unique, impossible to fake and unequivocally related to one user. A compelling proposition for businesses wanting to show that they take privacy of data seriously.
*Glenn Greenwald. “Why privacy matters”. Ted.com. October 2014