Information privacy could make a comeback in the modern, digital age with the help of global legislation and enterprise-level encryption.
Information privacy has reached the main stage in the United States—and the world over.
In light of the European Union’s General Data Protection Regulation (GDPR), the biggest set of digital information privacy laws to ever take effect, Facebook is asking users to review privacy policies and settings. The timing is opportune: the new legislation takes effect only a couple of months after Facebook’s Cambridge Analytica scandal, which revealed that millions of user profiles were misused without consent.
Meanwhile, citizens in California are working to increase privacy protections for their own state’s residents. Besides HIPAA and a few other industry-related laws, the U.S. has no universal information privacy protection like the GDPR for its consumers. If the California bill passes, it could cause other states to follow suit or potentially spark ramifications at the federal level.
Obviously, digital information privacy is on everyone’s mind at this point in history, and it will likely occupy our anxieties for some time to come. Information in the cloud will continue to grow at a rapid pace, as our photos, health information from wearables (and hospitals), social media, and personal files are collected via data-driven products and services.
However, as our data is gathered, our confidence in the institutions and companies doing the gathering wanes. According to a 2016 poll, before the worst year for data breaches on record, roughly half of Americans feel their personal information is less secure than it was over a decade ago, and around 28 percent of Americans are not the least bit confident their personal data can be kept safe.
What can companies do to restore confidence that enterprises are capable of protecting digital information privacy?
Adhering to the GDPR, which just took full effect, is a good start. The GDPR attempts to answer information privacy concerns by requiring companies to specify what collected data is going to be used for. It also asks companies to allow users to consent to the data collection, and to let users see exactly what kind of data is being collected and who it’s going to be shared with or sold to. At any time, users can request to have that data deleted.
GDPR also requires companies to protect that data. Thanks to the huge amounts of personally identifiable information gathered every day, it has become nearly impossible to remain private in the digital age. At the very least, users and employees of enterprise companies can remain unidentified thanks to strict personal data protection, which should include encryption solutions.
One such solution, eperi Gateway, offers pseudonymization, a powerful form of encryption that renders sensitive information unreadable, even if it’s leaked. The only way to read that data is with a set of encryption keys, which eperi Gateway ensures are always in the controller’s hands.
Does information privacy exist in the modern age? Not quite. So long as governments and organizations collect phone and hospital records, social media profiles, credit card histories, and more of our personal data, our privacy will continue to erode. But enterprise companies can commit, through encryption, consent, and transparency, to making our digital world better and safer for everyone.