By Eva Velasquez, President & CEO of the Identity Theft Resource Center
When the ITRC released its data breach report for the most recent quarter with a year over year comparison that showed a decrease in the overall number of reported breaches I felt the internet breathe a collective sigh of relief.
Our followers, including the media, collaborators, and others actively engaged in monitoring data breach trends were asking us questions that demonstrated their deep desire to see a decline. Could this be it? Are we finally seeing and end to these dramatic year over year increases? I hate to be the bearer of bad news but the answer is a resounding no.
In fact, the data indicates the trend will continue and we will see an increase in the total number of data breaches at years end. How can we make this prediction this early in the year? It’s because we’ve been here before.
This is a complex issue, and the ITRC data breach report is the tool that we use to disseminate accurate information to the public. However there are many internal conversations, on daily basis within the ITRC regarding this ever changing issue.
The ITRC data breach reports capture information/disclosure on publicly reported breaches. In order to predict long term trends and outcomes, one must realize the numbers on the data breach report are dynamic. The unfortunate reality is that we are solely dependent upon the sources of truth, such as the various Attorneys General Offices, and the DHS to disseminate this information in order for us to aggregate it, categorize it, and source it before it’s placed in our data base and ultimately shared with the public. Not all entities that are the recipients of these data breach notices publicly disseminate them, or do so according to a set schedule. Translation: Throughout the year, ITRC will learn of data breaches that occurred much earlier, and those numbers will be added to our reports. Therefore the numbers released for the first quarter year to date, will not remain the same at the end of the year.
Not all incidents of data abuse are data breaches. We are creating enormous amounts of data on a daily basis, and as the value of that data continues to increase, so too will the desire for those with nefarious intent to gain access to that data.
The ITRC experts have continuous conversations regarding the definition and categorization of data breaches, and as such, we determine which compromises fall under our reporting methodology and subsequently become a part of the public data breach report. As the scope of breaches grows, and the amount of data available increases, the way that data is compromised and misused will also change. Not only do we need to accurately assess and report data breaches, we need to expand our definitions and categorization of these events. During these conversations we have acknowledged that people have a fundamental misunderstanding about their data. They are the subject and often the creators of that data, but not the owners of said data. Additionally, when they willingly grant a third party access to their data, they often do not review or fully comprehend the scope of the permissions they are providing.
Data breaches, and data abuses remain a significant societal challenge in need of solutions; solutions that require involvement of all stakeholders. While the industries that house, store, and share our data bear a tremendous amount of responsibility for safeguarding it, and providing transparent and clear disclosures about how they are using it, consumers have a personal responsibility for understanding what permissions they are granting when they actively create data. Too often we hear from consumers that feel powerless and helpless, or frankly, fatigued when it comes to their role in this discussion. Just as we should not allow industry to abdicate their responsibilities in providing solutions, we cannot suggest that consumers abdicate all responsibility either.
This problem is not coming to end, or slowing down, as some people would like to posit when they reviewed our most recent quarterly report. We have only just begun on this journey, we must all work together for appropriate, manageable solutions, and appropriate levels of shared stakeholder responsibilities.
About the Author: Eva Velasquez
Eva is the President/CEO of the Identity Theft Resource Center. She has a passion for consumer protection and educating the public about identity theft, privacy, scams and fraud, and other related issues and is recognized as a national expert on these topics.
CyberScout proudly provides financial support to the Identity Theft Resource Center.