Home » Future of Work » How Poor Data Security Hurts Consumer Privacy
Future of Work

How Poor Data Security Hurts Consumer Privacy

Collective data security practices are necessary to meet consumer expectations of privacy and business obligations for protecting customer data.


Henry Bagdasarian

Founder and President, Identity Management Institute; Author, “Identity Diet

With the rise of data security breaches, there is a growing concern that consumers are not adequately protected from privacy violations and identity theft. Privacy is a rapidly growing area of concern for consumers and businesses who are increasingly aware of data security risks, including disclosure and abuse of personal information in an expanding digital world. 

There are many data security challenges facing consumers and businesses. Consumers continue to wittingly share personal information on social media without much concern for privacy, while expecting businesses that collect their information to protect their personal data and privacy. 

On the other hand, organizations must balance data collection with security spending and compliance efforts to meet their business obligations and regulatory requirements. Often, information protection is an afterthought when decisions are made regarding data creation, collection, sharing, and storage. 

Consequences of poor data security

The consequences of poor data security practices include identity theft and fraud which can impact consumers’ credit worthiness, time spent on fraud resolution, stolen account balances, and locked accounts. For businesses, the consequences can include lawsuits, fines and penalties, lost productivity due to investigations, loss of revenue, reduced customer loyalty, and reputational damage.

Security practices for consumers

While consumers increasingly work remotely and interact online, they must take precautions to protect their personal information and files. They must share the minimum necessary amount of information for conducting business and while socializing online. They must take advantage of password management tools and multi-factor authentication whenever possible, properly configure device settings, and install security software to protect their mobile and internet-connected devices, which are also under constant attacks from outside their homes.    

Security practices for organizations

To avoid data breach incidents, organizations must establish data security policies and budgets, deploy the right technologies and technical resources, manage outsourcing vendors, and collect the minimum amount of data needed to conduct their business.

Government’s role

Governments are responsible for protecting consumers and guiding companies by providing a legal framework to ensure they are doing their part. As regulators around the world have taken an interest in privacy issues due to the rising data security threats and consequences of poor data protection practices, they have introduced many redundant and overlapping data security and privacy laws that organizations must comply with to protect customer data.


One of the major risks arising from poor data security management is the loss of privacy for consumers who use various online services, mobile devices, and internet-connected appliances. Consumers of these digital services, such as social media platforms, are often unaware of the risks and consequences of their actions while excessively sharing personal data and lacking the knowledge about data security practices to protect themselves from identity theft, fraud, and disclosure of private information. Adequate computer or device security and password management must be on the top of the data security list.

Businesses also accept a great deal of responsibility when they collect consumer information as part of their business processes. There are several ways companies can collect, store, and share customer information responsibly to avoid creating unnecessary privacy concerns for their customers. They must avoid excessive collection of data that does not serve the business, allocate appropriate data security budget and resources, and be aware of the regulatory requirements.

It’s in the best interest of both consumers and corporations to have adequate data security awareness and controls that protect personal information from unintended disclosure. By implementing balanced and measurable data security practices, companies can ensure they meet customer expectations of privacy and regulatory compliance.

Also, enforcement of data security regulations by various government authorities is important if we want to preserve privacy. A strict regulatory oversight and enforcement will align consumer expectations of privacy with a corporate data security governance and ethical business practice that protect consumers and businesses.

Internet users must make good choices when interacting online if they expect privacy, and businesses must take data security seriously to protect their business and customers. Data security is a shared responsibility between consumers, device manufacturers, regulators, and businesses.

Next article