Privacy benchmarks: past trends, future opportunities and reasons for optimism 

Students in classroom with computer monitors

Jan. 28, 2019 will mark 28 years since the signing of Convention 108, the first legally-binding treaty to address data privacy and protection for individuals. The last 30 years have been a whirlwind of information security development and so much has already changed in less than a decade.

The three largest data breaches in history each took place over the last six years. The Yahoo data breach impacted three billion accounts in 2013,  and Marriot’s leak of 500 million customers’ personal information was just exposed in late 2018. In the first half of 2018 alone, an estimated 4.5 billion data records were exposed. In September Chegg, a leading textbook rental company, confirmed a data breach had affected 40 million customers.

The rapid speed of change in information security events, challenges and innovations necessitates a look at shorter-term data privacy benchmarks. What can privacy benchmarks in recent history teach us? Here are five key facts about past trends, future opportunities and reasons for optimism in data privacy protection:

  1. Humans still have a role to play in preventing data breaches, and we’re rising to the challenge! In 2014, 11 per cent of users targeted in a phishing campaign clicked the malicious link versus four per cent in 2017, according to the 2018 Verizon Data Breach Investigation Reports (DBIR).
  2. In data breaches affecting the higher education sector, variety is the one true constant. Phishing remained common over the last five years, but the scams are always changing and the attack types are becoming more varied and sophisticated.
  3. People are continuing to advocate for data privacy and seek to empower themselves as consumers. In a recent poll, 75 per cent of respondents said they are more concerned about cyber security than they were five years ago. A further 75 per cent said they would not purchase a product from a company that could not be trusted to protect their data. As public awareness is growing, so is action.
  4. In 2018, the General Data Protection Regulation (GDPR) gave individuals in the European Union (EU) unprecedented control over how their personal data is used and stored by organizations. Data privacy experts believe that GDPR will set a new global standard for data privacy regulation – a huge win for personal data!
  5. Education sector data privacy attacks are on the rise, but people and organizations are becoming more knowledgeable about information security practices. In 2014, Verizon noted 165 recorded security incidents in the education sector, while 2017 had 292. However, 39 per cent of the incidents resulted in confirmed data loss in 2014 compared to 34 per cent data loss in 2018 –that’s a decrease.

“By understanding the past in relation to the present we can better anticipate the future of data privacy,” says Chief Information Security Officer Isaac Straley at the University of Toronto. “While cyber security attacks are on the rise and growing in complexity, we’re also seeing a rise in informed individuals who are empowered to take control of their personal data as advocates and consumers. That’s a major step forward.”

Interested in learning more about how to take control of your personal data? Jan. 28 is Data Privacy Day — read related news and find out about special events taking place this month by visiting Security Matters.