GDPR goes live this week, which is the first real salvo against corporate data creep (as in both expansion, and creepy). Companies these days tend to keep every bit of information that they can, because they might possibly need (or be able to exploit) it someday. Is it worth the risk?
A lot of companies make their money using and exploiting user data, with varying degrees of disclosure. One large social media company has recently been doing a lot of tap-dancing around its business model, and around the fact that the more privacy controls it provides to its users, the less information it has to sell to its customers. It cares about user privacy only to the extent that privacy concerns jeopardize people’s willingness to provide the data it needs to sell its services. It’s a bit disingenuous to pretend otherwise.
But this is more insidious than overt, intentional data collection – many companies capture and retain data just because it’s there. Here’s one example:
You’ve done everything right. You’ve disabled the default password on your router. You’ve created a new SSID. You’ve set a good wifi passphrase. Then you discover your cable provider has captured that information and stored it on an insecure site. That happened this week: Comcast Bug Made it Shockingly Easy to Steal Wifi Passwords. My first question after reading it was why Comcast even captured that information to begin with. Even if it was to make it easier for customers to configure their networks (doing it via a web portal rather than on the device), that’s no reason to retain the information, let alone put it on a publicly accessible server. That’s just sloppy and lazy.
More importantly, it violates something I call the Principle of Least Data. Organizations should only collect information for a current business, legal or regulatory purpose. They should only retain that information as long as required to complete those purposes, and should actively dispose of data as soon as permitted. If it’s not there, it can’t be leaked or stolen.
GDPR changes the risk equation, which is why Facebook just moved all non-EU citizen profiles outside the zone. Many other organizations are doing something similar, adopting two-tier policies for EU and non-EU data collection. Some are making life easy and just adopting it worldwide. But the truth is that we will see breaches and disclosures of GDPR-subject information. That’s inevitable. The stakes are just much higher now. So the best defense is simply to get rid of the data you don’t need anymore (or never really needed to begin with).
So when you launch a new project, make sure someone asks the question “why are we collecting it, and when do we get rid of it?” “Because we might need it someday” isn’t a valid option – keep the least data you need to do your business.
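One way to make the two questions above (“why are we collecting it, and when do we get rid of it?”) and the Principle of Least Data mechanical rather than aspirational is to make the data store itself demand a purpose and a retention period for every field, and run a purge that deletes fields as their windows expire. The following is an added example written for this post, not code from any company mentioned; the field names, purposes, retention periods and the subscriber record are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
@dataclass(frozen=True)
class RetentionRule:
    purpose: str           # the current business, legal or regulatory purpose
    retain_for: timedelta  # how long that purpose actually needs the data
# Constructed data inventory (an assumption for this example): a field may only be stored
# if it is listed here with a purpose and a retention period. A wifi passphrase has no
# entry, so the store refuses it outright instead of keeping it "in case we need it".
RETENTION_RULES = {
    "email": RetentionRule("account login and service notices", timedelta(days=365)),
    "setup_token": RetentionRule("one-time device provisioning", timedelta(days=30)),
}
@dataclass
class Record:
    subject_id: str
    data: dict
    collected_at: datetime
class LeastDataStore:
    def __init__(self, rules=RETENTION_RULES):
        self.rules, self.records = rules, []

    def store(self, subject_id, data, now):
        # Reject any field without a declared purpose; keep the rest, timestamped.
        undeclared = sorted(set(data) - set(self.rules))
        if undeclared:
            raise ValueError(f"no declared purpose for {undeclared}; refusing to store")
        self.records.append(Record(subject_id, dict(data), now))

    def purge_expired(self, now):
        # Delete each field whose retention window has passed, drop emptied records,
        # and return the number of fields deleted (for the scheduled job's log).
        deleted, kept = 0, []
        for rec in self.records:
            for name in list(rec.data):
                if now - rec.collected_at >= self.rules[name].retain_for:
                    del rec.data[name]
                    deleted += 1
            if rec.data:
                kept.append(rec)
        self.records = kept
        return deleted

def demo(days_elapsed):
    # Collect one constructed subscriber record on 25 May 2018, run the purge
    # `days_elapsed` days later, and return (fields deleted, names of fields still held).
    store, t0 = LeastDataStore(), datetime(2018, 5, 25, tzinfo=timezone.utc)
    store.store("subscriber-1", {"email": "a@example.com", "setup_token": "k3y"}, t0)
    deleted = store.purge_expired(t0 + timedelta(days=days_elapsed))
    return deleted, sorted(n for r in store.records for n in r.data)
```

In a real system the purge would run on a schedule, and the inventory would be the same document a privacy review signs off on, so a field with no entry simply cannot be collected.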
P.S. The story above is why I strongly recommend that people purchase their own cable modems and wifi routers – and not use any of the hardware provided by an ISP. These should be two separate devices (not an all-in-one), as the carrier controls the modem, while you have full control over your network. Bonus: You’ll save a ton of money over the life of the device. Just make sure you change that default password and update the firmware on a regular basis!