Rest Assured — Most Companies Aren’t Stealing Your Data
Here’s what you need to know about your information in the hands of others.
You’ve likely seen a fair amount in the news about how companies like Facebook, Google, and Amazon are hoarding every piece of information about their users they come in contact with. Sometimes it’s being used to better serve ads, or suggest products you might like; but most notably sold to others for profit.
I’m here to tell you, that’s not the case. At least for a majority of the smaller companies you interact with, because keeping data in today’s world is a burden. In fact, it’s a task forced upon the IT (Information Technology) side of any operation that takes a massive effort to manage properly — if those in charge are managing it at all.
What it Takes
It requires storing, tracking, auditing, searching, deleting, and building systems to capture and retain this data in the first place: all of which is essential to a successful business. This can be hard though. Especially when the level of effort to properly manage data increases exponentially as the data set grows. Thus leaving most smaller businesses without the resources to invest in larger management operations.
It just so happens that companies like Amazon and Google do though. Giving them the edge as they own, host, and manage massive data warehouses with scalable programming to help make this operation easier. These warehouses are capable of expanding quickly when needs arise, and allow the host to offer up those services to the other companies you interact with through the term “cloud” storage.
You might be asking, “Wouldn’t that mean that those smaller companies are giving our data to the big guys anyway?”
Well not quite. A majority of the time the data being stored is encrypted for legal or business practice reasons, meaning while they might have the data physically, they can’t actually access it. Think of it like giving your friend (who’s never played an instrument before) a bunch of sheet music to hold on to. They will have no way to read it without first being trained, or in this example, given the key to decipher it.
The Cost and Risks
As data is constantly changing, but mostly growing, it needs to be managed. Another big reason companies aren’t retaining your data is actually exactly that. To keep 15 years worth of your transactions doesn’t benefit them. Maybe the last 3 years, for legal reasons, but past that it’s useless information costing them money to store on a server. The more they can get rid of, the less they have to pay. This in turn also reduces risk.
That risk comes mostly in the form of data breaches. If a nefarious actor were to get in, having only a few years worth of customer data greatly reduces the amount of people affected, as well as any sort of compensation damages the company may have to pay.
Protections
Now each and every company has their own way of handling data based on type, but oftentimes depends more on what laws there are for that information specifically. To add to the complexity, each country, and every state can have it’s own laws in regard to data privacy as well.
A great example is from the EU and it is the GDPR (General Data Protection Regulation) which gives anyone within the EU the right to be forgotten. Even if you are a US company, if you deal with customers in the EU, you have 30–60 days from receiving a request, to prove that you have erased all information pertaining to the requester.
A similar law passed quite recently in California called the CCPA (California Consumer Privacy Act) giving California residents the right to request from any company, access to their own personal information, that their information is not sold, and to be forgotten. It’s laws like these that are reigning in the bigger tech giants as sanctions from countries/states can be hefty. Of course these regulations also apply to smaller companies, and do a great job at emphasizing how important it is to manage the minimum necessary when it comes to personal data.
Now What?
Data is complex, tricky, and actually a nuisance for many companies outside the essentials of a user profile. If they can avoid it, they will, but that doesn’t mean that breaches won’t happen. Or that they’ll take all the necessary measures to keep your information safe. What this does mean though, is that there is still privacy to be found within many of the businesses you interact with. We can at least take some solace in that.
As always, avoid giving out personal information unnecessarily.
“All human beings have three lives: public, private, and secret.” — Gabriel García Márquez
