Privacy and security have common elements but are different. Digital privacy choices are made based on the beliefs and perceptions of what can be shared and what should be kept discreet during communication. There has been a proliferation in the use of social networking sites. As a result, many individuals, firms, and communities view a loss in privacy as the result of a cybersecurity incident. However, not all cybersecurity incidents result in a privacy loss and not all privacy loss is the result of a cybersecurity incident. Privacy regulations provide the building blocks to ensure that sufficient data privacy standards are abided and that there are consequences for non-compliance, which in most cases are fines and levies to the defaulting organization. These regulations should provide guardrails to protect individuals and organizations by requiring data owners to be better stewards of that data. The problem is that technology changes at a faster pace than regulations can be created, so there is always a lag in the implementation.
TopIntroduction
The privacy of digital information is one of the most complicated issues to address as it transcends many directions. Data Privacy and cybersecurity have common elements but are different concepts. Privacy choices are made based on the beliefs and perceptions of what should be shared and what should be kept discreet during communication. Cybersecurity protects the confidentiality, integrity, and availability of systems and data. It is the common areas that provide a “conceptual blurring of boundaries between privacy and security” (Conger & Landry, 2008, p. 3). As a result, many individuals, firms, and communities view a loss of privacy as the result of a cybersecurity incident. A cybersecurity incident can lead to a breach of privacy, which may result in the loss of personal data which also includes Personally Identifiable Information (PII). This incident may result in the loss of confidentiality, integrity, or availability. The general principle is that once one of these tenets is compromised, there has been a breach of security of the organization or individual. Stevens (2010) proposes that “a data breach occurs when there is a loss or theft of, or other unauthorized access to, data containing sensitive personal information that results in the potential compromise of the confidentiality or integrity of data.”
However, not all cybersecurity incidents result in a privacy loss, and not all privacy loss results from a cybersecurity incident. “Privacy and cybersecurity risk overlap concerning concerns about the cybersecurity of PII, but there are also privacy concerns without implications for cybersecurity and cybersecurity concerns without implications for privacy” (Boeckl et al., 2019). The best way to illustrate the overlap and differences is with the Venn diagram, as shown in Figure 1. Data privacy issues can be addressed from ethical, legal, and technological viewpoints. This chapter will examine data privacy through the lens of government regulations in technology. Examples of social media, Internet of things (IoT), voice-based assistants, and tracking will facilitate this examination to review technology and privacy concerns.
TopGovernment Regulations For Protecting Privacy
Government regulations should provide the building blocks to ensure that sufficient data privacy standards are abided-by and that there are consequences for non-compliance, which in most cases are fines and levies to the defaulting organization. For example, a 2019 Pew Research Center survey discovered that “Over 60% of U. S. adults reported that they did not think it was possible to go a day without the government or companies collecting data from them” (Brown, 2019). Determining if the government collects more data than private organizations is challenging. The government keeps and processes data for its citizens and has jurisdiction to collect data from private companies. In addition, the government is involved in surveillance activities using government-owned assets like cameras and partnerships with private organizations like telecommunication companies.
Suppose digital privacy is a modern-day issue that gets addressed using common-law principles. How does the government step up to fill the void of abuse of personal information within social networking sites? The problem of perception of the citizens of the government interfering in what is supposed to be their business. Can governments work with companies that own and manage social media sites to ensure they correctly classify data and restrict or hash out personally identifiable information used within their platform to better protect individuals’ right to digital privacy? To what extent can the government dictate what gets posted on a social networking site? Primarily when that social media site may be owned and operated in another country. One can argue that the government’s interaction with technology can impact innovation; however, without controls in place, the companies that hold and control the social media platforms can potentially leverage the data for their own gains.