As consumers catch on to the dangers, protection could become a major topic for legislative bodies.

Todd Moore, Vice President, Encryption Products, Thales

December 1, 2022

4 Min Read
Data privacy
Source: Egor Kotenko via Alamy Stock Photo

It's no longer a case of if but when a data breach will occur — and consumers are catching on. In the age of digital services, this is a critical development because it means the average US consumer is now demanding the power to make more informed decisions about the way their data is used, stored, and processed. And for US legislative bodies, it means data protection could soon be a major topic on the ballot.

According to the latest Thales Consumer Digital Trust Index, almost half (48%) of US consumers report being victims of a data breach — higher than their global counterparts, at 33%. The sheer volume of cyberattacks in the US has brought data security to the mainstream eye, and consumers are tuning into the legal fallout from breaches affecting millions, including T-Mobile's 2021 cyberattack and Drizly's 2020 hack. Now, they are starting to make more informed decisions about how they want their data handled going forward.

The Public Is Taking Data Security into Their Own Hands

Breaches and ransomware attacks have dominated headlines and news cycles, and one in 20 victims reported first hearing about a breach affecting them on the news. Eleven percent of those companies took up to six months to inform consumers about a data breach — a failure on the part of the companies in question.

This pattern of weak transparency has driven consumers to take security matters into their own hands, as they realize inaction is not an option. Just over a fifth have stopped using a company that suffered a data breach, with a large portion of those requesting the company delete their information altogether, while others are keeping a closer eye on their accounts for suspicious activity (21%).

These actions show that data security is a priority for consumers, and it's good practice for organizations to enable them to share this responsibility, in part. Allowing for extra security measures on digital accounts, such as two-factor authentication (2FA), gives consumers more of a sense of control over their information — and that peace of mind is a key element in building trust.

Paying a Fine Is Not Enough

As for what they expect from companies that fail to keep their data secure, financial compensation is a natural consequence. Of surveyed consumers, 53% believe companies should offer compensation to victims, but, when it comes to overseeing regulations, only 31% believe companies should receive large fines for breaches, meaning it is far from the biggest priority from a consumer perspective. What more consumers want is better data security measures — not big payouts.

However, the methods consumers believe should be used differ. More than half believe companies should be forced into mandatory data protection controls following a breach. This includes encryption and 2FA, which have long been favored options. And just under half believe companies should be subject to more stringent regulation — for example, being monitored for 12 to 14 months post-breach. Others believe companies should be required to employ more cyber specialists — but the reigning feeling is that regulatory oversight would be a major improvement.

We're Looking to the Future of US Data Privacy and Security

One possible contender for that oversight is the American Data Privacy and Protection Act (ADPPA). Similar to the European Union's General Data Protection Regulation (GDPR), which put in place necessary guidelines for European consumer data, ADPPA is a landmark US federal privacy proposal that could potentially meet sweeping demands for security and privacy. Proposed in July 2022, it could also face a number of barriers, including tension between federal and state privacy rights and blowback from tech giants.

While we wait to hear about the progression of this legislation, it is increasingly clear that if it does not become law in the near future, something will have to provide that modicum of oversight. To fully realize what kind of change will be effective, it is important to understand consumer perceptions around data security in the US, and for organizations to provide more visible safeguards in their digital services, in the meantime.

In a digital world, data privacy and security cannot take a backseat. With GDPR leading as example, there is not only a need for similar federal legislation in the US, but a calling for it from US consumers who are tired of finding out they are victim of another breach, leak, or attack. They are ready to take data protection seriously, and it is time we see some federal defenses put in place.

About the Author(s)

Todd Moore

Vice President, Encryption Products, Thales

Todd Moore is a respected cybersecurity professional, with over 28 years’ experience in helping organizations protect their most sensitive data. In his role as Vice President of Encryption Solutions, Todd drives strategy for the company’s data encryption portfolio – bringing together a set of well-known security brands (SafeNet, Vormetric, and Thales eSecurity) together, into a single data protection business line that addresses existing and new customer needs. Todd joined Thales through a series of acquisitions from his prior roles, predominantly product leadership positions for SafeNet and then Gemalto. He had already gained deep understanding of security challenges and technologies within the defense industry, having spent almost two decades with Harris Corporation. Todd has a proven track record of developing business cases and market analysis for new security products and delivering them to market. He routinely develops strategies for new product development and execution, as well as negotiating strategic relationships and alliances.  

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights