EncryptionBeyond Encryption: Protecting Privacy While Keeping Survey Results Accurate
Consumer data is continuously being collected by various organizations, including local governments, marketing agencies and social media companies. These organizations assure anonymity and confidentiality when collecting this data, however, existing data privacy laws don’t guarantee that data breaches won’t occur. Data privacy laws require encryption and, in some cases, transforming the original data to “protected data” before it’s released to external parties, but experts say this is inadequate.
It comes as no surprise that consumer data is continuously being collected by various organizations, including local governments, marketing agencies and social media companies. These organizations assure anonymity and confidentiality when collecting this data, however, existing data privacy laws don’t guarantee that data breaches won’t occur. According to a recent report, more than 2,000 confirmed data breaches occurred in 2019 alone, with 34 percent of those executed by internal actors such as employees. To add to that, city and state agencies collect sensitive data that they are required by law to share with the public — courtesy of Open Data movements and the Freedom of Information Act.
Data privacy laws require encryption and, in some cases, transforming the original data to “protected data” before it’s released to external parties. But for researchers like Matthew Schneider,an assistant professor of Decision Sciences and Management Information Systems at Drexel University’s LeBow College of Business, this isn’t adequate.
“Encryption definitely helps, but it does not prevent a data breach,” he said. “It’s similar to safeguarding your email password. An internal actor with access to the encryption key could easily cause a data breach. It’s more conservative from a risk perspective to assume that all data will eventually get out and should be transformed prior to sharing anywhere within the organization.”
In a recent paper published in the Journal of Marketing Analytics, Schneider and Dawn Iacobucci, of Vanderbilt University, proposed a new methodology that permanently alters survey datasets to protect consumers’ privacy —when data is shared— while still preserving a level of reasonable accuracy for these datasets.
Drexel says that according to the authors, survey data is often held within organizations and used for purposes beyond the original reason for collecting the data. “Databases and customer information have become a contemporary asset that makes one business attractive to another when forging alliances,” Schneider said. “Even firms with high standards of data security can find it challenging to protect the privacy of consumer data.”
Another less common, but all-too-real, threat, according to the authors, are cases where employees have illegally taken data from their former companies to a position with a new employer — for reasons ranging from gaining a favorable impression with the new company, to harming the old company, to even having to provide the data as a condition of the job offer.
