Controlling your own data destiny

Every year, the amount of consumer data available to companies climbs exponentially. By the year 2020, 1.7 megabytes of data will be created every second for every person on the planet. Currently, however, only 0.5% of this data is being analyzed in any meaningful way. This makes the seemingly endless news reports of data breaches even more terrifying.

Yet, consumers continue to demand—and claim they benefit from—the conveniences afforded them when companies collect and use their personal data to serve up highly tailored solutions for every need and desire.

Due to the overwhelming fear about data breaches and security risks, legislators have attempted to pass laws that give consumers more power over how and when their personal data is collected and used.

Similar to the General Data Protection Regulation that is already in place in the European Union, California’s Consumer Privacy Act is set to take effect in July 2020. This act allows consumers to know what kinds of information a company has collected about them, where the information came from, how it’s being used, if it’s been disclosed or sold, and to whom it was disclosed and sold.

Consumers can also “opt out” of allowing businesses to sell their personal information and request their profiles be deleted entirely. Companies who receive these requests have an extremely limited window of time to comply with customer requests or face hefty fines.

These laws are meant to protect consumer data, and are well-intended. But they do nothing to stop companies that would misuse consumer data in the first place. Instead, they only add another hoop to jump through, as well as fines and corporate pain to companies that were most likely complying and properly securing the data they were collecting.

Where the conversation should be directed instead, is putting consumers in control of their data through a technical solution, such as blockchain. This would enable individuals to drive their own data train and determine who’s using it, for how long and what happens when they’re done.

I’ve talked at length about the importance of blockchain for a more fine-grained approach to data governance than what is currently available. As a decentralized technology, blockchain can be shared across multiple devices. What’s promising about using this so-called “digital ledger” for data privacy is that it essentially eliminates the single point of failure—data repositories—that criminals target and hack, resulting in the aforementioned data breach catastrophes.

Better yet, blockchain technology stores any type of virtual asset like legal documents, payment or identity information, health care records, and so on. Once these data points are in the blockchain ledger, there is absolutely no way to copy, duplicate or hack into that information unless the owner specifically gives permission.

And the most beneficial part? Revoking access to use or review data can be completed through the click of a button, which is far less complicated than the solutions outlined in GDPR and the California Consumer Privacy Act.

If legislators can come together to create laws that impose nearly impossible demands on companies that want to do the right thing, I see no reason why we can’t instead shift focus and work together—legislators and tech leaders—to find a simpler way of handling consumer privacy that works for everyone.

As part of my role with the Indiana Technology and Innovation Association, these are the types of discussions I’ve encouraged industry leaders to have with our legislators. Such discussions, and enacted legislation, would let Indiana pave a way for other states and companies around the country to follow suit.•

__________

McDonald is the CEO of Fishers-based ClearObject and chairman of the Indiana Technology and Innovation Policy Committee. Send comments to ibjedit@ibj.com.

Click here for more Forefront columns.