Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands | So Good News

It is no longer a problem if but when data breaches will happen – and consumers are taking action. In the age of digital services, this is a critical development because it means that many US consumers now want the power to make informed decisions about how their data is used, stored, and processed. And for US law enforcement agencies, it means that data protection will soon be a big topic on the ballot.

According to the latest Thales Consumer Digital Trust Index, nearly half (48%) of US consumers say they have experienced a data breach – higher than their global peers, at 33%. The number of cyberattacks in the US has put data security in the public eye, and consumers are looking at data breaches affecting millions, including the 2021 cyberattack of T-Mobile and Drizly’s 2020. Now, they are starting to make informed decisions about how they want their data to be managed first.

People Are Taking Data Protection Into Their Own Hands

Hacking and ransomware attacks have been the subject of many headlines and news stories, and one in 20 victims said they first heard about it on the news. 11 percent of those companies took six months to notify consumers of a data breach — a failure of the companies in question.

This weak transparency has led consumers to take security matters into their own hands, as they realize that doing nothing is not an option. More than a fifth have stopped using a company that has been compromised, with the majority asking the company to delete all of their personal information, while others are monitoring their accounts out of suspicion (21%).

These actions show that data protection is a priority for consumers, and it is good for organizations to help them share this responsibility, among other things. Allowing for additional security on digital accounts, such as two-factor authentication (2FA), gives consumers a sense of control over their information – and peace of mind is a key factor in building trust.

Paying the fine is not enough

As for what they expect from companies that fail to keep their data, the economic costs and environmental consequences. Of the consumers surveyed, 53% believe that companies should provide compensation to victims, but, when it comes to law enforcement, only 31% believe that companies should receive large fines for breaking the law, meaning that it is more important than the point of view of consumers. What consumers also want are good data protection measures – not huge fees.

However, the methods that consumers believe should be used differ. More than half believe companies should be forced to improve data security following a breach. This includes encryption and 2FA, which have been favored for a long time. And less than half believe companies should be subject to stricter rules – for example, 12 to 14 months of supervision after a breach. Some believe that companies need to hire more internet professionals – but the prevailing opinion is that managing the process would be a big change.

Looking at the Future of US Privacy and Security

One potential challenge to this oversight is the American Data Privacy and Protection Act (ADPPA). Similar to the European Union’s General Data Protection Regulation (GDPR), which sets important guidelines for consumer data in Europe, the ADPPA is a well-known federal privacy policy in the US that will meet security and privacy requirements. The proposal, which is due in July 2022, could also face a number of obstacles, including conflicts between government and government privacy rights and the return of tech giants.

While we wait to hear about the progress of this law, it is clear that if it does not become law soon, something must provide a modicum of oversight. In order to better understand the type of change that will be effective, it is important to understand the attitudes of consumers around data protection in the US, and for organizations to provide better protection in their digital services, at this time.

In the digital world, data privacy and security cannot be left behind. With GDPR leading as an example, there is not only a need for similar federal legislation in the US, but a call for US consumers who are tired of knowing they are being breached, leaked, or otherwise attacked. They are ready to take data protection seriously, and it is time to see federal protection implemented.