Data and privacy: Exploring the pros and cons of doing business in a digital world
IN BRIEF
- Ticketmaster sold more than 620 million tickets in 35 countries last year. Its recent data breach impacted some 560 million people worldwide — 6.25% of the world’s population.
- A Pew Research Center survey of U.S. adults found 81% were concerned about the data companies collect about them and 71% are concerned about the data the government collects about them.
- The challenges are complex: AI and other emerging technologies will impact data security and privacy in ways we’re not entirely sure of just yet; and shifting state, national and global regulation complicate compliance policy and governance.
These days, data breaches happen so often that they feel like they are just the cost of doing business in a digital world. The worst ones involve credit card payment data, which could result in fraudulent charges to your account. Caught early enough, this will not impact your credit rating, and your bank will issue you a new card number. Because this happens with such regularity, I keep a list of web sites and passwords handy so that I can easily change all my credit card automatic payment info
In July, I received a letter saying that Ticketmaster, more specifically its parent company Live Nation Entertainment, had suffered a breach and my personal data had been compromised. Ticketmaster, which sold more than 620 million tickets in 35 countries in 2023, sent that same letter to some 560 million members (6.25% of the Earth’s population). Maybe you got one, too.
Exposing the personal data of half a billion people to malicious hackers is astounding news, but my first reaction wasn’t “wow” but “meh.” I’ve been breached before and I will, undoubtedly, be breached again, so I initiated the routine damage control sequence.
The latest, but not the worst
The Ticketmaster breach is just the latest, and not nearly the worst. That distinction belongs to CAM4, which exposed more than 10 billion records in 2020; Yahoo in 2017 with 3 billion ; and Aadhaar and Alibaba, which exposed more than a billion users each in 2018 and 2022. And household names like LinkedIn (2021) and Facebook (2019) have also had bigger breaches.
Thankfully, Ticketmaster says more crucial information—such as U.S. social security numbers, which are required for users who want to sell their tickets on the site, were not compromised, but phone numbers, e-mail addresses, home addresses and encrypted credit card payment data was—a hacker’s paradise. (Ticketmaster did offer free credit and identity report monitoring, which I gladly accepted.)
Thankfully, nothing bad has come of it for me… at least not yet. But who knows who has access to my personal data on the dark web? And what can I—and 560 million others—do about it? The truth is, absolutely nothing.
And, perhaps foolishly, I have resold tickets on Ticketmaster, so my social security number is currently sitting in a Ticketmaster database—secured for now. Should I be worried? My bank has it. My tax software has it. And probably a few other for-profit businesses I’ve forgotten about have it too. It’s funny how we rationalize where danger to our privacy and most sensitive data lies and where it doesn’t. And how nonchalant we’ve become about the possibility, or probability, of it being exposed.
Big data means big worries
It’s been five years since Forbes declared data privacy would be the biggest issue facing businesses and consumers over the next decade. That was in 2019, before the pandemic accelerated our mass digitization. In many ways, that prediction has come to fruition. Fast forward to more recent Forbes findings that indicate 86% of Americans are more concerned about their privacy and data security than the state of the U.S. economy, and two-thirds either don't know or are misinformed about how their data is being used, and who has access to it.
86%
of Americans are more concerned about their privacy and data security than the state of the U.S. economy, and two-thirds either don't know or are misinformed about how their data is being used, and who has access to it.
- Forbes 2024 Global Threat Report
A Pew Research Center survey of U.S. adults found 81% were concerned about the data companies collect about them and 71% are concerned about the data the government collects about them. Globally, the numbers are similar: A 2023 IAPP survey found 68% of respondents say they are very concerned about their privacy online.
Meanwhile, in Protiviti’s Executive Perspectives on Top Risks 2024 and 2034 survey, cyber threats are increasingly on the minds of global executives, moving from the 15th ranked risk in 2023 all the way to the third ranked risk for 2024. And when we asked them to identify risks a decade from now, cyber threats climbed to the top as the biggest risk anticipated in 2034.
The challenges are complex: AI and other emerging technologies will impact data security and privacy in ways we’re not entirely sure of just yet; and shifting state, national and global regulation complicate data policy and governance. Executives are aware of the problems, and probably many of the solutions, but implementing them in a measured way in an ever-evolving digital data and privacy landscape is incredibly difficult.
Exploring the future of privacy
That’s why VISION by Protiviti is embarking on a months-long journey to explore the future of privacy. Organizations are experiencing unprecedented change, and the regulations that govern how personal information from consumers and clients is collected, used, stored and archived are evolving.
In addition, the roles of the chief privacy officer (CPO), as well as the chief information security officer (CISO) and chief technology officer (CTO), are evolving day by day to match the external pressures of maintaining data privacy. Too many data breaches also have eroded customer trust, and consumers—undoubtedly growing tired of the “we regret to inform you…” letters—are demanding more say in the management of their data.
To take a 360-view of the topic, VISION by Protiviti’s Future of Privacy content includes interviews with experts and leaders in the data privacy and protection space, including:
-
Jules Polonetsky, CEO of the Future of Privacy Forum, speaking with Protiviti’s Tom Moore about navigating the road ahead, the AI opportunities that will emerge and why we absolutely cannot get this wrong
-
Sarah Armstrong-Smith, Microsoft’s Chief Security Advisor for EMEA, sitting down with Protiviti’s Roland Carandang to discuss what steps business leaders should be taking to build out a strategic data security plan
-
The Economist’s Dexter Thillien discussing how privacy is in peril in the digital economy, and ways the private sector will play a significant role in the future of data privacy
-
Sue Bergamo, executive advisor, author and former CISO highlighting what boards are getting wrong about data protection and privacy
-
Mauro Guillén, futurist and vice dean of the Wharton School at University of Pennsylvania, writing about the effect of AI on the availability and use of personal data
-
Protiviti’s senior managing director Tom Moore’s take on the evolving role of the chief privacy officer and its uncertain future.
In addition, VISION by Protiviti will be publishing its own research on the topic in collaboration with the University of Oxford. Look for our Global Executive Outlook on the Future of Privacy, 2030 at the end of October. We’ll be taking a closer look at the survey findings in a Protiviti webinar on November 5, 2024. And VISION by Protiviti will be hosting two privacy-focused live events in New York in mid-November. Stay tuned for details.
And while I’m in New York, maybe I’ll take in a Broadway show or a concert. And yes, I will probably buy those tickets through Ticketmaster.
81%
of U.S. adults are concerned about the data companies collect about them and 71% are concerned about the data the government collects about them.
- Pew Research Center Survey