By Thomas F. Kelly
January 31, 2019 at 5:00 am ET
2018 was, in many ways, a tough one for social media companies facing the court of public opinion. Facebook took the most heat, thanks to its massive September data breach and the Zuckerberg hearings that dominated the news cycle. But the online question-and-answer platform Quora was also hacked, at the beginning of December, with 100 million accounts exposed. And Google shut down its Google+ service after news got out that the company had exposed nearly 500 million users’ data – and then failed to let users know about the breach.
Data theft and data privacy gained renewed attention as new laws, such as the EU’s General Data Protection Regulation, endeavored to limit the data harvesting and protect the privacy rights of users.
2019 will be an important and possibly challenging year for social media companies, as Americans seriously consider how these platforms might affect their identities, privacy and even finances. Here are my predictions for what the next year will look like – for these companies, for their users and for the nation:
Identity theft will explode
Identity theft will continue to grow rapidly in 2019. All of the data that was exposed over the past year is out there for the taking, and thieves will not hesitate to make the most of it. We believe identity theft will reach a new all-time high, costing millions to individuals and companies alike.
According to a recent study conducted by IBM and the Ponemon Institute, the United States lost more business due to data breaches than any other region across the globe. Each personal record that a company lost to a data breach costs, on average, between $141 and $148, and the average total cost to a company comes out at $3.86 million each. In 2019, these numbers will be even higher – which will in turn make consumers, if possible, even more fired up and ready to bring these companies to account.
Many people don’t realize that privacy breaches in social media lead directly to identity theft. Bad actors are using social media for phishing and malware attacks, rather than more conventional means, like email, because while people are on the lookout for email hackers, they aren’t as aware of threats in the social media environment. Social media phishing jumped 500 percent during 2016 alone, and according to an FBI bulletin, phishing scams cost U.S. victims approximately $500 million dollars a year.
Consumers will demand accountability
Don’t get me wrong: I don’t think social media companies are an inherent evil – and neither do most Americans. According to data from Pew Research Center, almost three-quarters of Americans say tech companies’ products and services have been more bad than good, and almost two-thirds say they’ve been a net improvement on society as a whole.
And it makes sense: Social media companies play a critical role in our economy, enabling companies to reach the consumers who will benefit from their products and empowering workers to find new opportunities. What’s more, they shape not only how we do business, but the way we make our most personal choices and how we build our lives.
But the flimsy privacy protections that they’ve been permitted to use for years now are simply not enough. Consumers have the right to know the data companies have about them and how it’s being used. In the coming year, we think that consumers will start to demand these rights – and we predict they will be heard.
Federal and industry leaders will work toward a standard privacy framework.
Democrats have retaken the House, and some sources say that they will prioritize data privacy laws. Additionally, California’s Consumer Privacy Act will go into effect, forcing any company – no matter what state it operates out of – to adhere to rigorous privacy standards when handling the data of a California resident. The time is ripe for legislative action, and we anticipate steps being taken to create a comprehensive framework for privacy law that will standardize digital commerce across all 50 states.
What’s more, though it is not our prediction, it is our hope that data security experts will play a role in shaping the conversation on social media and privacy. Consumers need advocates who understand how these tech platforms operate and can identify concrete ways to strengthen their privacy and security. By forming an industry group and determining key principles to guide privacy law, data experts can help craft a solution that protects users’ personal information and preserves the benefits of these platforms.
We also hope that consumers themselves will begin to take steps to defend their own privacy. Legislative action is important, but it takes time – time that thieves are more than willing to exploit. Increasingly, innovators and legislators are recognizing that breaches aren’t a matter of “if,” but rather a matter of “when.” It’s time for consumers to recognize this as well. By working to improve your digital hygiene, you can rest in the knowledge that, even should a thief get a hold of your identity, you’ve got a plan to get it back.
Thomas F. Kelly is president and CEO of ID Experts, a Portland, Oregon-based provider of data breach and identity protection services, such as MyIDCare.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.