{"id":117848,"date":"2025-07-10T07:03:12","date_gmt":"2025-07-10T07:03:12","guid":{"rendered":"https:\/\/chezaspin.com\/blog\/index.php\/2025\/07\/10\/your-data-privacy-is-slipping-away-heres-why-and-what-you-can-do-about-it\/"},"modified":"2025-07-10T07:03:12","modified_gmt":"2025-07-10T07:03:12","slug":"your-data-privacy-is-slipping-away-heres-why-and-what-you-can-do-about-it","status":"publish","type":"post","link":"https:\/\/chezaspin.com\/blog\/your-data-privacy-is-slipping-away-heres-why-and-what-you-can-do-about-it\/","title":{"rendered":"Your data privacy is slipping away \u2013 here\u2019s why, and what you can do about\u00a0it"},"content":{"rendered":"<p><a href=\"https:\/\/theconversation.com\/profiles\/mike-chapple-2341157\">Mike Chapple<\/a>, <em><a href=\"https:\/\/theconversation.com\/institutions\/university-of-notre-dame-990\">University of Notre Dame<\/a><\/em><\/p>\n<p>Cybersecurity and data privacy are constantly in the news. Governments are passing new cybersecurity laws. Companies are investing in cybersecurity controls such as firewalls, encryption and awareness training at record levels.<\/p>\n<p>And yet, people are losing ground on data privacy.<\/p>\n<p>In 2024, the Identity Theft Resource Center reported that companies sent out 1.3 billion notifications to the victims of data breaches. That\u2019s more than triple the notices sent out the year before. It\u2019s clear that despite growing efforts, personal data breaches are not only continuing, but accelerating.<\/p>\n<p>What can you do about this situation? Many people think of the cybersecurity issue as a technical problem. They\u2019re right: Technical controls are an important part of protecting personal information, but they are not enough.<\/p>\n<p>As a professor of information technology, analytics and operations at the University of Notre Dame, I study ways to protect personal privacy.<\/p>\n<div class=\"wp-block-embed__wrapper\">\n<\/div>\n<p>Solid personal privacy protection is made up of three pillars: accessible technical controls, public awareness of the need for privacy, and public policies that prioritize personal privacy. Each plays a crucial role in protecting personal privacy. A weakness in any one puts the entire system at risk.<\/p>\n<h2 class=\"wp-block-heading\">The first line of defense<\/h2>\n<p>Technology is the first line of defense, guarding access to computers that store data and encrypting information as it travels between computers to keep intruders from gaining access. But even the best security tools can fail when misused, misconfigured or ignored.<\/p>\n<p>Two technical controls are especially important: encryption and multifactor authentication. These are the backbone of digital privacy \u2013 and they work best when widely adopted and properly implemented.<\/p>\n<p>Encryption uses complex math to put sensitive data in an unreadable format that can only be unlocked with the right key. For example, your web browser uses HTTPS encryption to protect your information when you visit a secure webpage. This prevents anyone on your network \u2013 or any network between you and the website \u2013 from eavesdropping on your communications. Today, nearly all web traffic is encrypted in this way.<\/p>\n<p>But if we\u2019re so good at encrypting data on networks, why are we still suffering all of these data breaches? The reality is that encrypting data in transit is only part of the challenge.<\/p>\n<h2 class=\"wp-block-heading\">Securing stored data<\/h2>\n<p>We also need to protect data wherever it\u2019s stored \u2013 on phones, laptops and the servers that make up cloud storage. Unfortunately, this is where security often falls short. Encrypting stored data, or data at rest, isn\u2019t as widespread as encrypting data that is moving from one place to another.<\/p>\n<p>While modern smartphones typically encrypt files by default, the same can\u2019t be said for cloud storage or company databases. Only 10 per cent of organizations report that at least 80 per cent of the information they have stored in the cloud is encrypted, according to a 2024 industry survey. This leaves a huge amount of unencrypted personal information potentially exposed if attackers manage to break in. Without encryption, breaking into a database is like opening an unlocked filing cabinet \u2013 everything inside is accessible to the attacker. https:\/\/www.youtube.com\/embed\/4pZhkNmGtCo?wmode=transparent&amp;start=0<\/p>\n<p>Multifactor authentication is a security measure that requires you to provide more than one form of verification before accessing sensitive information. This type of authentication is more difficult to crack than a password alone because it requires a combination of different types of information. It often combines something you know, such as a password, with something you have, such as a smartphone app that can generate a verification code or with something that\u2019s part of what you are, like a fingerprint. Proper use of multifactor authentication reduces the risk of compromise by 99.22 per cent.<\/p>\n<p>While 83 per cent of organizations require that their employees use multifactor authentication, according to another industry survey, this still leaves millions of accounts protected by nothing more than a password. As attackers grow more sophisticated and credential theft remains rampant, closing that 17 per cent gap isn\u2019t just a best practice \u2013 it\u2019s a necessity.<\/p>\n<p>Multifactor authentication is one of the simplest, most effective steps organizations can take to prevent data breaches, but it remains underused. Expanding its adoption could dramatically reduce the number of successful attacks each year.<\/p>\n<h2 class=\"wp-block-heading\">Awareness gives people the knowledge they need<\/h2>\n<p>Even the best technology falls short when people make mistakes. Human error played a role in 68 per cent of 2024 data breaches, according to a Verizon report. Organizations can mitigate this risk through employee training, data minimization \u2013 meaning collecting only the information necessary for a task, then deleting it when it\u2019s no longer needed \u2013 and strict access controls.<\/p>\n<p>Policies, audits and incident response plans can help organizations prepare for a possible data breach so they can stem the damage, see who is responsible and learn from the experience. It\u2019s also important to guard against insider threats and physical intrusion using physical safeguards such as locking down server rooms.<\/p>\n<h2 class=\"wp-block-heading\">Public policy holds organizations accountable<\/h2>\n<p>Legal protections help hold organizations accountable in keeping data protected and giving people control over their data. The European Union\u2019s General Data Protection Regulation is one of the most comprehensive privacy laws in the world. It mandates strong data protection practices and gives people the right to access, correct and delete their personal data. And the General Data Protection Regulation has teeth: In 2023, Meta was fined \u20ac1.2 billion (US$1.4 billion) when Facebook was found in violation.<\/p>\n<p>Despite years of discussion, the U.S. still has no comprehensive federal privacy law. Several proposals have been introduced in Congress, but none have made it across the finish line. In its place, a mix of state regulations and industry-specific rules \u2013 such as the Health Insurance Portability and Accountability Act for health data and the Gramm-Leach-Bliley Act for financial institutions \u2013 fill the gaps.<\/p>\n<p>Some states have passed their own privacy laws, but this patchwork leaves Americans with uneven protections and creates compliance headaches for businesses operating across jurisdictions.<\/p>\n<p>The tools, policies and knowledge to protect personal data exist \u2013 but people\u2019s and institutions\u2019 use of them still falls short. Stronger encryption, more widespread use of multifactor authentication, better training and clearer legal standards could prevent many breaches. It\u2019s clear that these tools work. What\u2019s needed now is the collective will \u2013 and a unified federal mandate \u2013 to put those protections in place.<\/p>\n<p><em>This article is part of a <a href=\"https:\/\/theconversation.com\/topics\/data-privacy-series-175900\">series on data privacy<\/a> that explores who collects your data, what and how they collect, who sells and buys your data, what they all do with it, and what you can do about it.<\/em><\/p>\n<p><a href=\"https:\/\/theconversation.com\/profiles\/mike-chapple-2341157\">Mike Chapple<\/a>, Teaching Professor of IT, Analytics, and Operations, <em><a href=\"https:\/\/theconversation.com\/institutions\/university-of-notre-dame-990\">University of Notre Dame<\/a><\/em><\/p>\n<p>This article is republished from <a href=\"https:\/\/theconversation.com\/\">The Conversation<\/a> under a Creative Commons license. Read the <a href=\"https:\/\/theconversation.com\/your-data-privacy-is-slipping-away-heres-why-and-what-you-can-do-about-it-251768\">original article<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Mike Chapple, University of Notre Dame Cybersecurity and data privacy are constantly in the news. Governments are passing new cybersecurity laws. Companies are investing in cybersecurity controls such as firewalls, encryption and awareness training at record levels. And yet, people are losing ground on data privacy. In 2024, the Identity Theft Resource Center reported that [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-117848","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/117848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/comments?post=117848"}],"version-history":[{"count":0,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/117848\/revisions"}],"wp:attachment":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/media?parent=117848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/categories?post=117848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/tags?post=117848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}