Data and the Expectation of Privacy

| James Riley |

As technology rapidly advances, it’s easy to get swept up in the excitement of new possibilities. The rise of cloud computing, in particular, has opened up numerous opportunities. However, with this increased capacity, it’s crucial to ask, “Just because we can, does that mean we should?”

Here are just a few examples of some amazing capacities that we have with technology and data:

  • Predictive Analytics: Target once used buying habits to predict a woman’s due date with startling accuracy. This came to light and became an issue when a 16-year-old girl’s father learned she was pregnant through a packet of coupons sent by Target.
  • Retail WiFi Tracking: Retailers often provide WiFi to shoppers, not out of altruism, but to combat “showrooming”—where customers view products in-store but buy them online.
    Techniques include:

    • Redirecting users to the retailer’s website when they try to visit competitor sites.
    • Capturing cell phone or email addresses to send timely coupons for products viewed in-store.
  • Stadium WiFi Analytics: A sports stadium’s CIO discussed how they provide WiFi for season ticket holders, allowing them to track users’ movements and tie this data to demographic information. This helps them strategically place products and services to target specific demographics.

These examples highlight that data is a critical cyber currency, analyzed, traded, and monetized. When using “free” services, your data is often the price. Providers use this data to market more effectively, direct you to specific content, and more. This is true for many paid services as well, where secondary revenue streams come from data analysis.

With the extensive collection of data, both individuals and governments are scrutinizing security, privacy rights, and obligations more closely. The European Union’s General Data Protection Regulation (GDPR), enacted in 2018, underscores this shift. GDPR asserts that privacy is a fundamental human right and requires businesses to protect personal data. Non-compliance can result in fines of 2-4% of global revenue. For instance, if GDPR had been in effect during Tesco Bank’s 2016 breach, the fines could have reached $2.65 billion.

GDPR also requires breach notifications within 72 hours, detailing the nature and scope of the breach. While the US hasn’t adopted regulations as stringent as GDPR, similar measures are being considered.

For individuals, this should enhance privacy expectations regarding data held by companies. For businesses, the obligation to secure data and notify stakeholders in case of a breach is increasing. Companies adhering to industry best practices tend to be better protected against breaches and their consequences. At our IT company, we regularly audit networks and conduct security testing to ensure our measures are effective.

If you’d like to discuss how we can help with your IT needs and ensure your technology practices align with these evolving standards, please contact us. We’re here to help you navigate the complexities of modern technology and data security.