The role of government
When businesses are obligated by regulations (and punitive fines) to publicly disclose when information is lost or stolen, they are incentivized to improve the controls and procedures in place to ensure the safety of the data residing on their networks. For firms in industries handling highly sensitive data such as banking and health care — which are already subject to specific cyber-risk regulations to show accountability for the data they retain on customers — this is a major benefit.
The world of digital commerce will need to develop the same consumer confidence moving forward by using consistent data retention language that is transparent and understandable. The National Institute of Standards and Technology has been helping with this goal by developing a Privacy Framework, collecting information on industry best practices and technology tools so that it can review and recommend the best voluntary principles and guidelines. With this information businesses can “better identify, assess, manage, and communicate about privacy risks” as part of a data protection program to build confidence and trust with consumers. These principles are designed to highlight the benefits innovative technologies can bring to consumers’ lives while understanding the privacy needs of individuals. Harmonizing data protection standards across industries will help clear up confusion surrounding conflicting language in service agreements, data retention, and data aggregation. These new guidelines will create accountability for the use of personal data that businesses have collected and ensure transparency on how data are maintained or used by their systems.