The General Data Protection Regulation (GDPR) went into effect in the European Union a year ago this month. GDPR, which gives EU citizens more control over their personal data by mandating how businesses must handle that information, has attracted great interest around the world. In addition, it has inspired government officials elsewhere in the world to develop laws addressing consumer data privacy concerns.
In recognition of GDPR’s first anniversary, nCipher Security conducted a survey to gauge American awareness of and sentiment about data privacy and security laws and issues.
The results illustrate that data privacy has become a hot-button issue for Americans. It points to a healthy distrust among Americans about data sharing. And it offers a look at how Americans view data privacy responsibility and what they know about data protection regulations.
Many Americans indicate data protection is key to their survival
The survey data indicates that protecting personal information has become of paramount importance for many Americans. More than half (52%) of Americans said data privacy is important to them. Forty-one percent said protecting their personal information is their top concern.
Thirty-two percent said safeguarding their personal data is as important to them as their own physical protection. Six percent said only protecting their family is more important than protecting their personal data.
People distrust how organizations handle their data
There’s a healthy amount of distrust among Americans today about how organizations are using their personal information.
Sixty-four percent said they don’t feel organizations are completely transparent with how they use their customers’ personal data. Almost half (49%) said they don’t trust companies to keep their private data secure. That may explain why 44% said they don’t want to share their personal data under any circumstances.
The research also revealed that:
- Only 4% of the respondents trust organizations to do what they say they’ll do when it comes to not sharing their personal data
- 28% said nothing makes them trust that their personal data will not be shared
- 61% of Americans are not OK with some organizations sharing their private data
Nearly half of Americans have no idea what GDPR is about
Although personal data protection is clearly important to many Americans, 41% were unable to discern what GDPR stands for, even when provided with General Data Protection Regulation as one of the answers. That’s despite the fact that GDPR – which is widely considered a step in the right direction in the battle to prevent data misuse – has been in the news recently, with French regulators’ move to fine Google $57 million for GDPR non-compliance grabbing headlines.
Many look to the government to address personal data privacy
When asked whether the U.S. should adopt personal data privacy laws similar to those in Europe, 33% said no. But that’s only a third. And the fact that they don’t want European-style legislation doesn’t mean they’re against data privacy laws entirely.
In fact, 44% of Republicans said the U.S. should create laws that fit American needs. Twenty-seven percent of Democrats surveyed said they feel the same way. The largest group (44%) of Americans said the federal government should be in charge of data privacy. About a third (32%) said the states should be in charge of data privacy regulations.
Broader data security requirements take hold at the state level
Many states are answering the call. Thirty-one U.S. states have established laws regulating the secure destruction or disposal of personal information, with at least a dozen states imposing broader data security requirements.
California is a pioneer on this front. Legislators there have passed the California Consumer Privacy Act (CCPA), which takes effect January 2020.
While this major initiative is only months away, there is a great need for education both nationally and within California, as about half (49%) of Americans nationwide admitted they don’t know what CCPA is, based on nCipher’s study.
Even among those who have heard of CCPA, there is a lot of confusion. Only 12% correctly said CCPA makes nationwide organizations protect California residents’ personal data.
Within California, the results look somewhat better. Forty-nine percent of Californians chose CCPA’s correct definition, although 42% of Californians admitted they don’t know what CCPA is.
Cindy Provin, chief executive officer at nCipher Security says: “Government mandates such as GDPR and the CCPA, which are fundamentally designed to discourage the misuse of data, give consumers the reassurances they want. There’s an unprecedented awareness of the importance of data security, with business customers and consumers alike demanding trust, integrity and control when it comes to how companies manage their data.
“The best defense is a proactive one, and the right mix of data security tools and internal education provides a firm foundation. Encryption, digital signing and key generation are critical components of any data security strategy, as properly encrypted data is useless to hackers even if a breach does occur.”