With the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020, I think it’s timely to look at how digital natives may change the way we view data privacy altogether. If you were a toddler when Voyager 1 and 2 buzzed Saturn in 1980 and 1981 respectively, you are a digital native, as is anyone who came along after you. Maybe you started high school when email and file-sharing started going mainstream, and by the time you graduated, The New York Times had a homepage, at least one of your parents was likely online, and we, consumers at large, were beginning to experience FOMO (fear of missing out) if we weren’t online.

Ubiquitous tracking and big data pools as we know them today weren’t even a glimmer in a mad data scientist’s eye back then — and yet, people born before we learned who shot J.R. (or digital immigrants, as they came to be known) had already been making privacy mistakes for years.

Privacy Habits of the Past

Although the term was coined in the 1960s, identity theft has been with us for much longer. This author shares a name with a notorious horse thief, born Henry McCarty in the 19th century American Wild West. This scoundrel misappropriated the name William Bonney from an obituary in a New Jersey newspaper before he went west and famously fell into considerable mischief.

Two generations after his demise, the U.S. government began handing out identifiers for the new Social Security program. That’s where the trouble began in earnest. Many states put that number on their state-issued driver’s licenses — and this practice wasn’t banned until 2005. When Medicare came along in the 1960s, the Social Security number (SSN) was used as an identifier for each recipient. It was convenient, and it seemed like a good idea at the time, but the practice was officially ended in 2017.

Another habit we all got into long before digital natives started tagging themselves in hundreds of social media photos was putting our driver’s license numbers, addresses and phone numbers on the face of our checks. Credit cards weren’t widely accepted at grocery stores until the late 1990s, and who wanted to carry cash? None of us wanted to wait in long lines while the cashier wrote our phone and driver’s license numbers on our check to guard against fraud. It was easier and faster to have the info printed right on the check when we ordered them. The banks knew all about it. It was convenient, and yes, it seemed like a good idea at the time.

As we started using credit cards more broadly, we found ways of getting into even more privacy trouble. Rewards programs started sprouting like weeds. There were airline miles, discounts at the check stand and loyalty points for every possible purchase. Now, we coin new currencies faster than influencers gain followers. For 15 percent off, we allow our pharmacy, grocer, clothier and online retailer to track everything we buy, and we’d dutifully bark our phone number at clerks with people all around us to make sure we got credit for every purchase.

Digital natives certainly aren’t alone in posting photos, videos and online journals from their own social media accounts. While it might be easier for someone who grew up with the technology to post a fully captioned photo that tags five friends or colleagues, the consequences seem to vary more by the reach of the social profile in question than demographic factors. These consequences can range from varying degrees of embarrassment to ostracization and severe career impact. Sharing photos, videos and inner thoughts seemed like a good idea at the time — just like sharing SSNs, driver’s license numbers and phone numbers did before.

Data Privacy Expectations Are Rapidly Evolving

Our collective attitude toward data privacy is changing as we learn more about how maintaining data privacy is both desirable and difficult. We are now more attuned to the effects of sharing and the consequences of subtle privacy violations. In short, we’re in an era of rapidly evolving data privacy expectations. We’re increasingly turning to regulators to help us corral entities who would sell pieces of our information that we wouldn’t necessarily share on our own. Partly due to the experiences of digital natives, we are reconsidering the rules of data sovereignty.

As the consequences of data sharing become more evident (think public shaming versus identity theft) and long-lasting (searches often expose events going back decades), we are recognizing that our online images and thoughts can define us and should be owned by us, regardless of whether we fully understood the impact of sharing them. If a musical group can stop a political campaign from using its song or an actor can stop a merchant from using their image in an advertisement, it is my opinion that each of us should be able to determine how our images and musings may be used by collectors and whether to allow their collection at all.

The Berne Convention, which was adopted way back in 1886, established that publication alone is enough to establish a copyright. I’d assert that it’s not much of a stretch to extend that to what we publish about ourselves, whether that information is generated intentionally or as a byproduct of living in the digital age.

Should We Have Personal Sovereignty Over Our Data?

Regulators alone cannot solve this problem. It seems to me that what digital natives have asked us to do — sometimes explicitly, but often indirectly — is create the technical means to grant and revoke permission to collect, access, use and share the data we all produce.

Regulators could force each covered entity to create processes whereby current data subjects can request agency over their data privacy. New technologies could be created to encode each atomic unit of data and establish clear ownership. With options such as blockchain and smart contracts, I believe we could honor evolving data privacy expectations and enable data subjects to set or change the rules to which data brokers and users must adhere. If those parties fail to act in accordance with those rules, they could be prohibited from using that data.

Certainly, this concept has a more complex application when it comes to the digital exhaust we create (think location data and log data) as opposed to data elements that are more obviously descriptive, but this seems like more of an architectural challenge than one of scale to me. After all, we’ve managed to solve the scale problem for collection and use. As I see it, giving data subjects sovereignty over their data seems like a logical next step for our time — one that might just remain a good idea as we look back on this time years from now.
