The Washington media often treats regular citizens as if they are as hopelessly divided as the political class. The American people, however, continue to prove they are more adept at forging consensus than their elected representatives. There’s no better example than the popular outcry over online data security. With data breaches continually in the news, and a roiling public debate over the responsible use of “big data,” Americans have been crying out for a sensible policy response that both protects consumers’ personal data and also preserves the climate of innovation that fuels the online economy.
Unfortunately, this pursuit of sensible consumer protections is often hijacked by advocates of European-style restrictions on the transfer of data online. Such proposals, however, are unworkable and indeed counterproductive: after all, the modern economy is built on the exchange of information.Indeed, truly protecting consumers online doesn’t include restricting the exchange of information online. It means giving Americans the tools they need to harness that exchange while protecting their personal data. It means empowering us to make the most of the vibrant, ever-evolving exchange of information we call the Internet.
As a first step, the Federal Trade Commission and other authorities must step up their efforts to combat the growing ranks of hackers and other online criminals who would run roughshod over our online economy.
The high profile data breaches of Target, Michaels and now Home Depot are only a few recent instances. Indeed, last year alone saw 614 data breaches expose 552 million identities. Meanwhile, 13.1 million Americans became victims of identity fraud. And, lest you think this is just a corporate problem, the government has itself experienced its own share of data breach headaches. Just last month, a massive breach of a federal contractor endangered the records of up to 25,000 federal employees.
Astonishingly, however, the government has yet to even enact a standard for notifying consumers whose data is breached, let alone provide consumers and businesses the tools they need to begin fighting back to better prevent hacks and breaches from occurring in the first place. As a result, consumers are left to contend with rising online fraud alone. Consumers also need the FTC and other agencies to help corporations fend off hackers by providing best practices for data security.
And that is to say nothing of when the government itself misuses data. This isn’t a hypothetical threat: government data mishaps can deny veterans’ the benefits they have earned, expose veterans or government employees’ personal data, block seniors from the Medicare they rely on or erroneously link law-abiding Americans to crime or terrorism. The data-driven economy has evolved too quickly for government bureaucracies to keep up; that’s why a balanced approach to online consumer protection and security also means reforming and updating the government’s own data practices.
Similarly, policymakers must consider how to promote the benefits of “big data,” while also preventing its misuse. As the FTC has itself recognized, aggregated online data offers myriad benefits to Americans; it can help us spot online fraud, save energy, identify trends in health care and make advertising more efficient for consumer and advertiser alike. Yet abuses are also possible, which is why the FTC is holding a workshop today on the effects of “big data” on low-income and underserved consumers—an important first step in what must be an ongoing conversation.
Indeed, safeguarding Americans online means ensuring that the data-driven economy is the tide raising all boats; it means harnessing the power of big data to stamp out the predatory practices of the past. For example, insurance companies, employers and colleges should not be able to use family members’ data against relatives, potential employees or kids applying to schools. We should examine whether Laws should be adapted and updated to respond to these emerging harms, like expanding consumer protections akin to the Fair Credit Reporting or Genetic Non-Discrimination Acts.
Mistakes will inevitably be made and, when they do, we need mandated corporate due process that provides near real-time, hassle free, complete corrections for any harms caused. This will increase society’s confidence that participants in our online economy can safeguard consumers’ personal data wisely and responsibility.
A balanced online consumer protection and data security policy will not only protect consumers; it will guide innovators in their quest to provide new, beneficial, data-driven tools. From saving energy to health care trends, the benefits of this new economy seem endless. By acting now, we can empower Americans to take advantage of these benefits while resting assured that their personal data cannot be used against them.