Within the last week, I have received two separate emails from two different companies letting me know that my data has been breached. Damn! Not again. Personal, well-written, passionate emails from CEOs who sit perched nervously behind their computers (or is it their PR?), hashing out apologies, anxiously hoping their share prices don’t drop. Offering us lines ranging from “We take the security of our users’ personal data very seriously” to “We offer you our sincere apologies that this has happened.” Right. If you took it seriously enough, then my private data wouldn’t have ended up on someone’s croaky laptop in Latvia.
Yet with the most significant data privacy breach in history come and gone, courtesy of hotel chain Marriott, I thought it fitting to add some thoughts of my own to the post I put together earlier this year on the Facebook/Cambridge Analytica privacy breach. Especially after scratching my head as to why that particular issue never sent people flooding onto the streets the way climate change or Brexit has. Perhaps it’s because of outrage fatigue.
You would think that in a post-GDPR world privacy breaches like the Marriott one would have been a thing of yesteryear, but no, the increase has caused many to speculate that we are now in a new status quo and that we should all make this part of the civic wallpaper. Pretty ugly wallpaper if you ask me.
Perhaps as part of our New Year’s resolution for 2019, we should just submit everything we have about ourselves in a folder to everyone we know and every company we register with. Or how about we start selling our data to the companies mentioned above, so at least we can make some money out of people breaching our data? Let’s put our data on Craigslist and sell it to the highest-bidding hacker.
The more I think about it, the more uncomfortable I feel receiving these passionate, apologetic emails about privacy breaches. Not because my data has been stolen, not because these apologies aren’t sincere, but because literally nothing is happening to safeguard our data at all. No kryptonite encryption-styled tool, no special quantum computing sci-fi firewall. Literally nothing that I know of. Imagine if, instead of an apology, I received an email from a company’s CEO saying, “We just wanted to let you know your data is safe with us because Rami Malek from Mr Robot is working for us.”
It’s like someone walking into a doctor’s surgery in the 80s and managing to steal all the patients’ records, including yours. If you had found that out, you would be irate, to say the least, and potentially contemplating legal action. But none of this is happening; there is no coalescing or swell of support from civil society or the tech community on how to deal with such an enormous problem. Did GDPR fix anything? Absolutely not, not from the position where I am getting my emails.
I set up many accounts that I left behind many moons ago. I have since deleted many that I have come across. It would be great if there were a tool that collected every account you ever set up and, with a straightforward click, asked whether you wanted to keep it or delete it, no questions asked.
Just a couple of thoughts that might help you the next time you get an email from a CEO telling you he/she fucked up.