Privacy is in the news. Consumers worry about data breaches related to their transactions, finances and healthcare. Hackers bombard networks with ever more sophisticated phishing attacks, seeking to exploit network vulnerabilities. The European Union has implemented an upgraded data protection regime, designed to give control of personal information back to the individual citizen. In July, California passed a sweeping new privacy protection act for state residents.
Yet as the privacy bus teeters at the edge of a steep road, the U.S. Congress and President seem to be asleep at the wheel, offering fiery rhetoric at televised hearings, but making no progress on concrete consumer protection legislation. The paralysis at the federal level benefits neither companies nor consumers, as the time has come to craft new laws for an economy increasingly driven by data profiling and artificial intelligence.
At this important juncture, government should act to create both market competition and data protection. The era of laissez faire deregulation has ended, as the dramatic series of data breaches has illustrated over the past few years and most Americans have felt the pinch of either identity theft or data exposure. Companies have simply not invested enough in either security or data governance. If government at all levels can set standards for protection of personal data, companies will adopt to the rules of the road and build business models accordingly. Usually, we look for the federal government to take the lead, but few expect that to happen in the current stalemated political environment in the “other” Washington.
We can either move to a more European model, recognizing privacy as an essential human right, or we can strengthen the consumer protection statutes more rooted in American concepts of law. Whichever path we choose, the time for action has come.