In our internet-based society, it is nearly impossible to go through daily life without engaging with technology in some form. “Digital exhaust” is how some refer to the byproduct of online activity. Specifically, it refers to all the data collected by various parties as a result of one’s online activities. Advances in technology, both in the public and private sectors, make it continually easier to collect, store and analyze consumer data for various purposes; some innocuous, while others can be harmful. In order to realize the full potential of the internet in our everyday lives, consumers must feel comfortable going online without fear of exploitation. To this end, companies and public entities must act proactively and responsibly to protect consumer data.

How is consumer privacy being compromised?

Understanding the threats to consumer privacy is the first step in coming up with a comprehensive solution to the problem. Once consumers better understand the many ways in which their data is vulnerable online, they can begin to take action to protect their personal data and online identity. Moreover, understanding the threats to consumer privacy highlights the steps that private and public sector entities can take to better inform and protect consumers, and ensure a safe and rewarding online experience. It is useful to think of two types of threats to consumer privacy online: (1) a lack of consumer control over the collection and use of personal data; and (2) unauthorized and unintended disclosures of personal data (“data breaches”).

Lack of Consumer Control. Data collectors of all types, including online retailers, social media sites, and others, are able to gather and track personal information, especially demographic information, across internet browsers and devices. In many cases, consumers — knowingly or unknowingly — provide their personal data in exchange for a service being offered (e.g., email, access to a news article, social media, etc.). With few, if any, structured guidelines or regulatory framework in place to protect consumers, that personal data can be used (in individual or aggregated form) by these online entities, or sold to data brokers and undisclosed third parties, for a wide variety of uses largely, if not completely, unintended on the part of the consumer who is unwittingly giving up their personal data. These uses range from geo- and demographic-targeted advertising, behavioral analytics, and as a way to influence political outcomes. Even seemingly innocuous online activities can be used to learn about and possibly manipulate the behavior of consumers.  Simply put, consumers have lost control over how their personal data is being used by online companies that they interact with every day.

Data Breaches. Privacy vulnerabilities do not stop at the collection and use of personal data.  Once collected, personal data needs to be kept secure. Unfortunately, data breaches are becoming commonplace. Despite making headlines in recent news, many people living in the U.S. do not fully understand how data breaches happen and the full extent of the danger. A data breach, like the recent breach at Capital One bank, occurs when an unauthorized individual gains access to customer records and personal data being held by an entity authorized to hold that information. Unfortunately, in the hands of a criminal, customer records and personal data can be used for a wide-range of conduct harmful to consumers — e.g., opening of unauthorized credit cards, fraudulent loans, unauthorized online purchases and other forms of fraud and identity theft.  Recent high-profile data breaches include:

• Capital One data breach
• Equifax data breach
• Facebook data breach

What can consumers do to protect themselves when going online?

Protecting one’s identity online starts with the individual consumer. While the internet provides immense opportunity, going online also has certain pitfalls and challenges that put users and their personal data at significant risk of harm.

Below are some steps that can be taken by consumers to protect their information when going online. Unfortunately, many of these steps require time, effort, and/or money on the part of the consumer, which results in many consumers choosing to not take the necessary steps to protect themselves and their personal data. This is a problem that ALLvanza wants to help solve. The suggestions below are simple solutions that can lead to a safer online experience for consumers.

• Install (and continually update!) anti-virus software on all internet-enabled devices
• Monitor bank and credit card accounts daily or weekly
• Enroll in a credit monitoring service to ensure no new fraudulent accounts are opened
• Do not click on email links or attachments from unrecognized senders
• Avoid clicking on pop-up windows and turn on pop-up blockers available within internet browsers
• Use a Virtual Private Network, if possible
• Do not save financial information on shopping or bill payment sites
• Configure browsers to delete cookies
• Periodically clear browser’s cache and history
• Beware of social media “overshare”
• Create unique, strong passwords and change them often

Another action a consumer can take is to contact the company in question as soon as a data breach occurs and use the resources that are provided (either by the company or a government agency) after a breach. Many times, during these situations, organizations provide tools and resources to protect consumer information, including free credit monitoring, information about specifics of the breach, and other services. It is wise to leverage these services, many times offered for free, to help prevent or mitigate identity theft.

What Can Companies do to Protect Data?

To protect consumer data and adequately inform consumers, companies should make sure that their data and privacy policies are transparent, consistent, comprehensive, understandable and accessible for all users. Without policies that are transparent and that clearly express how a company collects and uses a consumer’s personal data, consumers will not understand the true terms of the “bargain” they are making when they use a company’s products or services. Rather, consumers will be at the mercy of companies, which may not have the consumer’s best interests in mind. If consumers are afraid to use online medical resources, it could impact their health. If they are afraid to use LinkedIn, it could impact their professional prospects. If they are afraid to use an online college application, it could prevent a person from applying to college (or at least make it more difficult to meet the application deadline). Using these internet resources helps enhance our lives in countless ways and it is crucial that companies do their part to ensure that consumers are protected and have a sense of comfort with how their information is being used by online entities.

What can Congress do to protect consumers?

While there are steps that consumers and the private sector should take to ensure that consumer data is adequately protected, it is becoming increasingly clear that a baseline set of rules are needed to protect consumers online. Regardless of where they live and which company a consumer engages with online, consumers should have confidence that their personal data will be protected. Without the right guardrails, users will continue to fall victim to scams and other online threats.

While there is considerable debate over the details of what a new privacy law should entail, ALLvanza believes that the principles of uniformity, parity and security should inform any new privacy law. First, we firmly believe that any law governing privacy and data protections should be applied fairly and evenly to all players in the internet ecosystem. Whether a consumer is dealing with a website, a data broker or an Internet Service Provider (ISP), the same privacy and data protections should apply. This helps to minimize consumer confusion, maximize consumer confidence, and it creates a level-playing field for online companies. Second, a new privacy law should be enacted at the federal level, not the states. Consumers should not have to guess which privacy law and protections apply depending upon which state they happen to live, visit or work or where the company is based. A federal privacy law would bring much needed uniformity and consistency to the protection of consumer data online. Third, a federal privacy law should place enforcement authority (and adequate resources) in a single federal agency, such as the Federal Trade Commission (FTC). Concentrating enforcement authority into a single federal agency will allow for consistency in application of the privacy law, which will benefit consumers. Finally, companies should have an obligation to keep consumer’s personal data secure. While laws need not dictate the precise technical methods to be employed, companies entrusted with personal data should be required to maintain a baseline level of security to ensure that personal information is adequately protected and data breaches are avoided.

It is important that Congress work together now to pass permanent, comprehensive, pro-consumer internet protection legislation. Technology has had, and will continue to have, an impact on privacy and Congress must ensure that policies governing privacy and online safety are developed in a way that comprehensively protect all adopters. ALLvanza urges Congress to move quickly on this key issue and stands ready to work with Congress and provide advice and guidance on how to establish a fair and comprehensive legislative response to this issue in a way that has the greatest positive impact on underserved communities and all internet users.

We are at a pivotal point where the future of the Internet, and the ability of future generations to take advantage of the full benefits of the Internet without the risk of exploitation, hangs in the balance. With this in mind, it is crucial not only that Congress act, but act responsibly and in a bipartisan way, to ensure the best possible solution is reached.