What Is Digital Privacy—and How Can It Be Protected?

Protecting privacy is the right thing to do – and a smart business decision

Digital privacy, data security, PII, GDPR…. there’s a lot of talk about privacy these days, but what does it all mean? Who’s really responsible for protecting it? And is “online privacy” even possible in a digital world?

In today’s expanding threat landscape organizations face more privacy risks than ever before. It’s no longer a personal matter—the privacy of employees and customers directly affects organizations too. We’ve broken down the basics to get you up to speed on what digital privacy is, why you should care, and what you can do to protect it.

Digital privacy—also called online privacy or Internet privacy—refers to the protection of private citizens’ online information. Let’s break it down…

What is privacy?

It helps to first understand privacy in general. Merriam-Webster defines privacy as, “a: the quality or state of being apart from company or observation, b: freedom from unauthorized intrusion”. If you sing in the shower or dance around in your kitchen while making your morning coffee you can do so uninhibited because you have privacy.

What does privacy mean in the digital age?

In the virtual world where every action we take can be tracked, however, privacy may seem more like an ideal concept than a reality. Your search history, the posts you ‘like’ on social media, and every keystroke you make on a digital device—you may expect this information to be private, but too often it is not.

Our online activity leaves a digital “footprint” that can be used to identify us, such as social media posts, employment records, shopping and entertainment preferences, geolocation data, and financial and healthcare information. And the typical digital footprint is massive—one analysis of data from more than 20,000 users revealed that the average user has 90 online accounts, and in the U.S., there’s an average of 130 accounts linked to a single email address. In the digital age of working from home and BYO-Devices, there’s little distinction between personal and professional when it comes to data. This new paradigm means organizations must protect the privacy of customers and employees to protect themselves.

The Internet is a dangerous place. There are two main threats to digital privacy: Data breaches and personal data availability.

Data breaches expose personal data every day

Data breaches are an everyday occurrence; the Verizon 2020 Data Breach Investigations Report provides analysis from nearly 4,000 breaches. These incidents can be giant, like the Equifax breach that exposed the personal data of more than one-half of the U.S. population. Or they can be much smaller, like the breach of a Vermont chocolatier that exposed the personal data of 90 customers. No matter the size, each and every breach puts affected individuals at risk for identity theft and privacy compromises.

Data breaches fuel cyberattacks — for consumers and organizations

Cyber-criminals exploit personal data for profit. Trillions of usernames, passwords, personal information, and confidential documents are for sale on all levels of the Internet—surface, deep, and dark webs. Criminals purchase and use this data to steal a person’s identity or money, commit crimes in their name, and even launch phishing or social engineering attacks on their employer.

Personal data is easily tracked, stored, aggregated sold, and stolen

Another threat to digital privacy is how giant companies like Facebook gather personal data. In addition to the information shared on personal pages, the company tracks everything a user Likes and Shares, the Facebook groups we belong to, events we attend, and location information from photos we post. Now that Facebook owns WhatsApp and Instagram, they can track us through those apps as well.

Big data aggregates personal data

Where it gets really creepy is when data is aggregated across multiple sites. Data brokers piece together personal information bit by bit to compile highly detailed personal profiles on millions of people — then sell the whole profile to anyone who wants it. (More on how you can remove these profiles later.)

Even when data is anonymized, advertisers can target consumers based on highly detailed attributes that might seem private: such as religion, gambling habits, or even the likelihood to become pregnant!

Personal data privacy risks erode consumer confidence

Social media companies will argue that they don’t sell data directly—they only use it to match us with advertisers—and if we’re going to get online advertising anyway, it might as well be relevant. There are two problems with that argument. First, data that’s stored can be lost or stolen. The second issue is that bad actors are now using legitimate online advertising channels to accomplish their scams. Both fuel rising consumer privacy concerns, with a whopping 81% of consumers now saying they must trust an organization to do business with it.

Now that you know what digital privacy is and why it’s important, the next question is how to protect it — and who’s responsible. Consider the layers of protection available for protecting a car. There are laws requiring door locks and setting penalties for car thieves, products like OnStar that can geo-locate and disable a stolen vehicle or ‘The Club’ steering wheel lock, proactive measures such as seeking out secure parking — and if all else fails, insurance to recoup losses. Privacy is no different.

Laws Protecting Digital Privacy

With all these threats, digital privacy is understandably a hot-button topic for state and federal lawmakers. California has led the way on state-level protection, passing both the California Consumer Privacy Act (CCPA) and the California Privacy Rights and Enforcement Act.

In Washington, D.C., both Democrats and Republicans have proposed a slew of bills, but disagreement on two key issues has stalled legislation:

1. Should a federal law preempt state laws?
2. Should individuals have the right to sue for privacy violations (private right of action)?

Whatever the outcome, the trend is clear: consumers want and need privacy protection. Increasingly consumer privacy issues put organizations at risk too. (After all, every employee from front line worker to CEO is also a consumer.) Stolen credentials or personal information from consumers can be used to mount phishing or social engineering attacks against their employers or affiliated organizations. Legislation takes time, and with the threat landscape expanding organizations can’t afford to wait around.

Organizations Differentiate on Privacy Protection

When you consider that 81% of shoppers say they must trust a brand to buy from them and 79% of Americans are concerned about how their data is being used by companies, it’s no surprise companies are investing in privacy as a competitive advantage.

While market leaders like Apple and Google make the headlines for leveraging privacy as a competitive advantage, they’re not the only ones cashing in on privacy. According to Cisco 70% of organizations saw business benefits from privacy investments, with an average ROI of 2.7x. Organizations invest in privacy in many ways:

• Transparency and coherent communication about privacy policies and practices
• Offering employees, members, or even customers subsidized access to a consumer privacy protection plan
• Prioritizing privacy when designing and building products, processes, and platforms
• Ensuring data portability

Proactive Consumer Privacy Protection

Whether purchased directly, provided as an employee benefit or club perk, or integrated into existing membership portals (e.g. healthcare or online banking) consumer privacy protection is an essential component to protect digital privacy. Basic plans include coverage for identity theft, such as fully-managed identity recovery services and reimbursement insurance. But the real value is in proactive privacy protection. Using a suite of technology solutions, consumers can take control over what personal information is shared, stored, tracked, and even sold online. Armed with knowledge and tools to protect their privacy, they become less of a target for cybercrimes — personally and professionally.

We hope this post has cleared up any questions you had about what privacy means in the digital age and why it’s worth protecting. Now that you’re a pro on all things Digital Privacy, what will you do with your newfound knowledge? Here are a few immediate steps you can take to start protecting privacy — for yourself, your employees, or your organization:

1. Make sure everyone accessing your organization’s network is using a secure password manager.
2. Provide employees a way to remove personal info from data broker sites to limit the availability of information that can support phishing or social engineering attacks. (Our new ForgetMe feature does exactly that and you can try it for free here.)
3. Give remote workers access to a VPN (virtual private network) to create a secure connection even on public wifi.
4. Disable ad tracking on your computer and devices, and use a browser plug-in to limit data tracking. (IDX Privacy offers tools for all of this.)
5. Offer employees or members access to consumer privacy protection — naturally, we recommend our own award-winning coverage, IDX Privacy.
6. Share this post with the appropriate internal privacy, HR, IT, or leadership teams to encourage a united front.

If you still have questions you can continue learning about Digital Privacy and what it means in the digital age check in this eBook.