GDPR went into effect in the European Union a year ago last month. The regulation, which gives EU citizens more control over their personal data by mandating how businesses must handle that information, has attracted great interest around the world. As U.S. brands and businesses are aware, government officials around the world have developed similar laws addressing consumer data privacy concerns.
In recognition of GDPR’s first anniversary, business information and applications protection firm nCipher Security conducted a survey to gauge American awareness of and sentiment about data privacy and security laws and issues.
The results illustrate that data privacy has become a hot-button issue, pointing to a healthy distrust among Americans about data sharing—and offering a look at how Americans view data privacy responsibility and what they know about data protection regulations.
Many Americans indicate data protection is key to their survival
The survey data indicates that protecting personal information has become of paramount importance for many Americans. More than half (52 percent) said data privacy is important to them, with 41 percent in fact saying protecting their personal information is their top concern.
Meanwhile, 32 percent said safeguarding their personal data is as important to them as their own physical protection, and six percent said only protecting their family is more important than protecting their personal data.
People distrust how companies handle their data
There’s a healthy amount of distrust among Americans today about how organizations are using their personal information—64 percent said they don’t feel organizations are completely transparent with how they use their customers’ personal data. Almost half (49 percent) said they don’t trust companies to keep their private data secure—which may explain why 44 percent said they don’t want to share their personal data under any circumstances.
The research also revealed that:
- Only 4 percent of the respondents trust organizations to do what they say they’ll do when it comes to not sharing their personal data
- 28 percent said nothing makes them trust that their personal data will not be shared
- 61 percent of Americans are not OK with some organizations sharing their private data
More urgently, nearly half of Americans have no idea what GDPR is about
Although personal data protection is clearly important to many Americans, 41 percent were unable to discern what GDPR stands for, even when provided with General Data Protection Regulation as one of the answers. That’s despite the fact that GDPR—which is widely considered a step in the right direction in the battle to prevent data misuse—has been in the news recently, with French regulators’ move to fine Google $57 million for GDPR non-compliance grabbing headlines.
Many look to the government to address personal data privacy
When asked whether the U.S. should adopt personal data privacy laws similar to those in Europe, 33 percent said no. But that’s only a third—and the fact that they don’t want European-style legislation doesn’t mean they’re against data privacy laws entirely.
In fact, 44 percent of Republicans said the U.S. should create laws that fit American needs. Twenty-seven percent of Democrats surveyed said they feel the same way. The largest group (44 percent) of Americans said the federal government should be in charge of data privacy. About a third (32 percent) said the states should be in charge of data privacy regulations.
Broader data security requirements take hold at the state level
Many states are answering the call. Thirty-one U.S. states have established laws regulating the secure destruction or disposal of personal information, with at least a dozen states imposing broader data security requirements.
California is a pioneer on this front. Legislators there have passed the California Consumer Privacy Act (CCPA), which takes effect January 2020. While this major initiative is only months away, there is a great need for education both nationally and within California, as about half (49 percent) of Americans nationwide admitted they don’t know what CCPA is, based on nCipher’s study. Even among those who have heard of CCPA, there is a lot of confusion—only 12 percent correctly said CCPA makes nationwide organizations protect California residents’ personal data.
Within California, the results look somewhat better. Forty-nine percent of Californians chose CCPA’s correct definition, although 42 percent of Californians admitted they don’t know what CCPA is.
“Government mandates such as GDPR and the CCPA, which are fundamentally designed to discourage the misuse of data, give consumers the reassurances they want,” said Cindy Provin, chief executive officer at nCipher Security, in a news release. “There’s an unprecedented awareness of the importance of data security, with business customers and consumers alike demanding trust, integrity and control when it comes to how companies manage their data. The best defense is a proactive one, and the right mix of data security tools and internal education provides a firm foundation. Encryption, digital signing and key generation are critical components of any data security strategy, as properly encrypted data is useless to hackers even if a breach does occur.”