Members of the ID2020 Alliance are united in the belief that identity is a fundamental and universal human right and that we all deserve better ways to prove who we are — both in the physical world and online.
As a community of technologists, advocates, implementers, and funders, we also believe that ethically implemented, privacy-protecting, user-managed, and portable digital ID solutions offer a better alternative to the current “data as a commodity” paradigm.
A new report from KPMG entitled, The New Imperative for Corporate Data Responsibility, suggests that the American public increasingly agrees with this perspective. Based on a survey of 1,000 respondents, the report concludes that consumers expect corporations to “take significant steps to better protect, manage, and ethically use their data.”
“The findings are unmistakable,” says Orson Lucas, Principal, KPMG Cyber Security Services. “Data privacy and protection are clear priorities for consumers. Close attention to customer data handling, management, and protection practices are key, foundational elements of establishing and maintaining digital trust.”
The report outlines valuable findings regarding how the public feels about the security of their data, the issues that concern them, and who they believe bears responsibility for creating a more secure and trustworthy digital ecosystem.
Key Findings: Beliefs
- 97 percent of respondents say that data privacy is important to them
- 87 percent believe that data privacy is a human right
- 86 percent believe that data privacy is a growing concern
- 68 percent don’t trust companies to ethically sell their private data
- 54 percent don’t trust companies to use their personal data in an ethical way
- 53 percent don’t trust companies to collect data in an ethical way
- 50 percent don’t trust companies to protect their personal data
These insights should not surprise us. After all, a majority of Americans have, at one time or another, been personally affected by a data breach. On the one hand, it is encouraging to see that public opinion is shifting; our experiences have made us all more cognizant of how our identity and personal data are being misused and mismanaged. On the other hand, these experiences are also contributing to a growing mistrust of all forms of digital ID. For those who work in this space, this is a timely reminder that, as we develop and deploy new forms of digital ID, we must do so with an intentional focus and abiding commitment to rebuild and maintain public trust.
Key Findings: Concerns
- 83 percent of respondents worry most about the theft of their Social Security Number, followed by their credit card number (69 percent), and their passwords (49 percent)
- Only 16 percent are worried about their medical records being stolen. Medical records are the most commonly cited example of data that consumers trust companies to protect (57 percent)
Given these rapidly changing consumer opinions, and with our vision of good digital ID for all as our guiding star, we at ID2020 regularly revisit the question: how do we get there?
The data suggest what we have long believed: that, in the coming years, market forces (i.e. consumer demands) will drive tectonic shifts in the data economy. But will market forces be enough?
Most telling in the data is that the public is most likely to trust healthcare companies to protect the privacy of their medical records. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Protection Act (CCPA) establish robust data protections and stiff penalties for companies that mishandle data. These offer the public a degree of confidence that their health information will be held sacrosanct.
The house is on fire and that the public is finally smelling the smoke when it comes to data security. Market forces can be extremely powerful, but we expect that governments will play an equally important, catalytic role by establishing the regulatory frameworks and consumer protections necessary to rebuild trust and encourage the broad adoption of safe and secure digital ID applications.
Here as well, the KPMG data provides some valuable insights for policymakers.
Key Findings: Who is Responsible
- 91 percent of respondents say that corporations should take the lead in establishing corporate data responsibility
- 56 percent say that companies should prioritize giving consumers more control over their data in 2020
- 84 percent are open to state legislatures giving consumers more control over their data
“Data privacy issues are not going to go away,” says KPMG Cyber Security Services Principle, Steve Stein. “In fact, consumer protections around data privacy, like the ones provided by the CCPA, are very likely to be codified in other states and eventually at the federal level. Simply put, privacy laws are only going to increase in volume and rigor. That’s why visibility, protection, and trust is gaining such momentum in the marketplace and also why leading-edge companies are not looking at data privacy as just another compliance or check-the-box exercise. They see privacy as one of the pathways to growing their business by improving trust with their customers.”
So…How DO We Get There?
Identity systems rely on trust to function; trust between issuers of identity and relying parties and, critically, that of those who use the system to prove their identity to access various goods, services, and privileges.
ID2020 was established in 2016 to promote the adoption and implementation of user-managed, privacy-protecting, and portable digital ID solutions. To achieve this vision, we are working simultaneously along three tracks.
We are helping shape the market through the ID2020 Certification, which applies 41 rigorous, outcome-based Technical Requirements to certify best-in-class digital ID solutions. We are working with policymakers in the United States and internationally to advocate for the ethical implementation of better forms of digital ID. And, as the technologies continue to evolve, we are implementing programs in the field to test and apply what we learn as these systems are replicated and brought to scale.
Fully realizing the potential of digital ID will require businesses, technology providers, policymakers, and civil society to collaborate — and quickly — to build and implement functional, privacy-preserving, user-managed ID systems, and work to overcome the mistrust which could impede their broad adoption. We developed the ID2020 Alliance model to foster this collaboration.
The road to good ID for all is riddled with potholes…and we have one chance to get this right.
ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and implementation of user-managed, privacy-protecting, and portable digital ID solutions.
By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implementation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights, while ensuring data remains private and in the hands of the individual.