Don’t blame Marriott, blame identity

Many of you have now heard of or read about the Marriott data breach — with its “500 million” headline number of customers, a subset of whom, even had their passport info stolen, the NYTimes reports.

It’s convenient to look at this situation and put the blame on Marriott. They should have done better. They should have invested more heavily in security. They should protect the privacy of their customers. Ultimately, it’s their responsibility.

But it’s also an impossible task.

Marriott, after all, is in the hotel and hospitality business. Not the cybersecurity business. And consider that even tech-centric companies hailing from the Valley — Google, Facebook, and Quora — firms with the top engineers in the world all announced fresh breaches over the last couple of weeks.

You could have the best technology, the best security team, and still be vulnerable. With many vectors of attack involving a human element, it’s not hard to see why.

And for companies, these breaches are becoming ever more costly. As CNBC’s Carl Quintanilla noted on Twitter, referencing a Morgan Stanley report, these breaches have a material long term impact on stock price.

This is compounded by new privacy regulations in Europe such as GDPR (with analogues soon to arrive in the States) that levy potentially huge fines for data missteps.

The scrutiny and costs of privacy have some firms so worried that they’re pivoting their business models to lessen their exposure.

Because for companies like Marriott is, just like their customers, the victim here. But they’re not just victims to nefarious hackers.

They’re also victim to a system that is fundamentally broken. With today’s systems, customers expose themselves with each new transaction, each interaction with a new company, giving up their personal information time and time again.

That’s bad for companies because a breach is always around the corner. It’s bad for consumers because their privacy is inevitably violated, and worse, they have no ownership or control over their own identity.

The thing is, there’s a solution for all of this. One in which companies can go back to doing what they do best without the Sword of Damocles hanging over their head. And individuals can regain control over who they are.

It’s a solution that requires a new approach to thinking about out identity — one in which every individual has a right to a portable, digital identity.

It’s also why we’re so excited about the work we’re doing here at globaliD.

Read the globaliD white paper here.