As the world becomes increasingly more digital, we have witnessed a large rise in privacy tech companies. These startups are aimed at enhancing cybersecurity and helping consumers protect their personal information online.
While this may appear like a noble mission from the outside, it appears they have several blindspots and that much more can be done to meet the ‘data privacy’ expectations of individuals and businesses alike.
Continue reading below as we dive into where these privacy tech companies are falling short, and what you can do to best protect yourself.
Where Privacy-Tech Companies Miss the Mark for Data Privacy
Today, much of the focus on online privacy tends to be on cookie consent. Anyone who has been on the internet over the past few years knows what this looks like. You visit a website for the first time, and you’re prompted to consent to its cookies which allow trackers to access and process your personal data.
While cookies are essential to a seamless and modern-day internet browsing experience in most cases, they also make your personal data much more vulnerable. So even though new regulations have pushed these companies to ask for your permission to track your personal data, there is still much more that can be done.
Privacy-preference frameworks like ‘cookie consent forms’ do not provide sufficient information or explanation to individuals as to how their data will be collected/stored/disseminated based on their preferences. Most are overly generic and follow boilerplate templates whose details we all tend to gloss over.
Furthermore, how can we ensure that the online services are actually implementing these policies, as per our preferences? More complex issues include “what difference will it make to the end-user who chooses to hold back all personal information versus the one who allows the collection and sharing of their personal data?”.
When we specify our preferences on a new website or application, what is the incentive to share anything but a very minimal amount of information with the service provider? With this, “do not share my personal data” and “allow only necessary cookies” are really the only options that anyone should pick! Unless the benefit of sharing more information is clear to the user, why should they share more than the absolute minimum?
Service providers need to clearly and truthfully explain what user data is required/utilized and for what specific purposes. If the exact same level of functionality and user experience can be delivered/achieved with less access to information, then that’s all that should be collected in the first place.
For example, instead of having your exact address, having a zip code alone may be good enough to customize your experience. Similarly, instead of your exact date of birth, just your birth year is likely sufficient to make recommendations. In this instance, only zip codes and age-in-years should be collected by the service provider.
Thus, a good data privacy framework needs to be much more than just consent management for cookies. Online service providers and websites need to give customers a way to review the personal data that is being stored on each site, and not just ask for their consent to collect it one time and be done with it.
Data Privacy Beyond Personal Information
Personal information, while being a great starting point for defining what constitutes private information, is not where the definition of ‘private data’ ends!
Individuals and organizations both subscribe to a much broader notion when it comes to defining ‘what constitutes private and sensitive information’, which needs to be taken into consideration by service providers and application developers.
This is most crucial when we are referring to information contained within unstructured data, such as files and documents. It is hard for service providers to automatically classify whether a file contains sensitive or private information. Such classification can often be subjective and depend upon the individual or organization that owns the data.
Today’s SaaS applications, especially those supporting storage and sharing of files and documents, do not provide any mechanism for users to specify which files they consider sensitive. Ideally, such data should be handled with extra care and the principle of ‘minimal access’ and ‘minimum information disclosure’ should be adhered to.
So, given the fact that unstructured data makes up the majority of data that we are generating today, the difficulty of classifying them easily leaves a large portion of our data and information vulnerable to attacks. Online service providers that help us generate, collect, and disseminate potentially sensitive information need to provide greater controls to the data owners to protect “what they consider or know to be sensitive information”.
In sum, it should be easy to apply a higher degree of protection to sensitive data without compromising the usability, availability, or shareability of the protected data items.
Data Encryption as the Solution
So as you interact with data-centric applications on the web, how can you best protect your sensitive data? This is especially true with the emergence of privacy-tech companies that are leaving such a large hole when it comes to the protection of unstructured data.
The good news is that with user-controlled encryption (wherever possible), you–the data owner–will have granular control to determine which sensitive data items are accessed, at what time, and for what purpose. You will no longer grant authorization to service providers or any third-party apps for an unknown scope and length of time. You can have full control and allow your data to be used on your own terms.
With GarbleCloud, you can leverage smart encryption for your files and documents in the cloud, without compromising on collaboration and search functionality. We’re simplifying data encryption for the modern workforce, helping protect corporate data from external malicious attacks. It’s simple and easy to use, with no software downloads or installation required.
Try GarbleCloud today for free and see how you can turbocharge your data security.