How to Protect Your Data Privacy from Erosion

Mike Chapple, University of Notre Dame

In recent years, the domains of cybersecurity and data privacy have made frequent headlines as governments implement new regulations and organizations invest heavily in security measures. As detailed in a recent analysis, legislators are increasingly enacting laws aimed at bolstering cybersecurity protocols. Concurrently, businesses are pouring resources into security technologies, including firewalls and encryption, reaching unprecedented spending levels as noted by Gartner’s latest forecast.

However, despite these promising efforts, data privacy appears to be deteriorating.

According to the Identity Theft Resource Center, 2024 saw a staggering 1.3 billion notifications issued to victims of data breaches, a figure that has tripled from the previous year. This alarming trend illustrates that, despite expanded cybersecurity initiatives, personal data breaches are not only persisting but escalating.

Many individuals view cybersecurity as primarily a technical concern, and while technical controls are vital, they alone cannot resolve the issues at hand.

As a faculty member in information technology, analytics, and operations at the University of Notre Dame, my research focuses on strategies for enhancing personal privacy protection.

Effective personal privacy protection hinges on three foundational elements: robust technical controls, heightened public awareness about privacy needs, and policies that prioritize individual rights. A deficiency in any of these components can jeopardize the entire privacy framework.

First Line of Defense: Technology

Technology serves as the primary barrier against unauthorized access to sensitive data. It includes measures like encryption, which secures information during transmission to thwart potential intruders. Yet, even the most advanced security systems can falter when misconfigured or poorly managed.

Two critical technical measures, encryption and multifactor authentication, form the backbone of digital privacy. Their efficacy is maximized when they are implemented correctly and adopted widely.

Encryption converts sensitive data into an unreadable format requiring a specific key for access. For instance, HTTPS encryption is utilized by web browsers to safeguard information during secure connections, averting eavesdropping by unauthorized parties. Presently, the majority of web traffic is protected through this method.

Despite advancements in encrypting transmission data, breaches persist. This highlights the need to guard data when stored across devices and servers, an area often lacking robust security measures.

Securing Stored Data

Protection for data at rest, found on laptops, phones, and cloud servers, is crucial. Unfortunately, encryption of stored data lags behind encryption of data in transit. Although modern smartphones typically come with built-in encryption, many cloud services and organizational databases do not. According to a 2024 industry survey, only 10% of organizations reported that at least 80% of their cloud-stored data was encrypted, leaving a significant volume of sensitive information vulnerable to exploitation.

Multifactor authentication, which demands multiple forms of verification for accessing sensitive information, significantly bolsters security compared to a single password. It typically combines knowledge (a password), possession (a smartphone app), and something intrinsic (like a fingerprint). Correct application of multifactor authentication can reduce compromise risks by 99.22%.

Despite the fact that 83% of organizations mandate multifactor authentication for employees, millions of accounts still rely solely on passwords. As cybercriminals grow increasingly sophisticated, bridging the 17% gap in multifactor adoption is vital for enhanced security.

This security measure represents one of the simplest yet most powerful steps organizations can take to mitigate breaches, but its utilization remains suboptimal, leaving substantial room for improvement in defending against attacks.

Fostering Awareness

Even the most advanced technological measures can falter if human error is involved. A Verizon report indicates that 68% of data breaches in 2024 were influenced by human mistakes. Organizations can address this risk through effective employee training, careful data minimization, and stringent access controls.

Additionally, establishing policies, conducting audits, and developing incident response plans equip organizations to mitigate potential data breaches. Strengthening defenses against internal threats and physical breaches should also include measures like securing server rooms.

Public Policy and Accountability

Robust legal frameworks hold organizations accountable for maintaining data security and empower individuals regarding their data. The European Union’s General Data Protection Regulation exemplifies such legislation, enforcing stringent data protection practices and granting individuals rights to access and manage their personal data. Notably, Meta faced a €1.2 billion fine in 2023 for non-compliance with these standards.

In contrast, the United States lacks a comprehensive federal privacy law despite ongoing legislative discussions, leaving a complex landscape of state regulations and industry-specific rules – such as the Health Insurance Portability and Accountability Act for health data – to fill existing gaps.

While some states have established their own privacy regulations, this fragmented approach provides inconsistent protections for American consumers and creates substantial compliance challenges for businesses operating nationwide.

The mechanisms, frameworks, and awareness necessary to safeguard personal data are certainly in place. However, the utilization of these resources remains insufficient. By enhancing encryption practices, expanding multifactor authentication deployment, investing in training, and establishing clear legal guidelines, many breaches could be averted. The effectiveness of these tools is evident. What remains is the collective commitment and coordinated federal effort needed to enforce these necessary protections.

Mike Chapple is a Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame.
