Author: Sixian Lyu
Privacy in the digital age
Smartphones, artificial intelligence, and social media… our lives are increasingly surrounded by technology. The data storage function of mobile phones, like iCloud, brings us a lot of convenience. When we replace the phone, the required data will be automatically imported to the new phone. The rapid development of Internet and mobile communication technologies has brought great convenience, but it also raises concerns about the security and privacy protection of personal data. In this context, the AT&T data breach further highlights the serious challenges facing the protection of personal data and privacy in the digital age.
Figure 1: AT&T faces lawsuits over data breach affecting 73 million customers
AT&T is one of the largest telecommunications carriers in the United States, with hundreds of millions of users worldwide. However, on April 3rd, 2024, the news “AT&T faces lawsuits over data breach affecting 73 million customers” got the public attention. The news raised privacy concerns and questions about AT&T’s data security practices. The compromised user information includes, but is not limited to full name, email address, home address, phone number, social security number, date of birth, AT&T account number, and password. Even a large telecom company like AT&T cannot completely prevent data breaches, which undermines citizens’ rights and makes us rethink the role and importance of digital policy in protecting customer data and privacy. Digital policies play a vital role in protecting user data and privacy.
Digital Policy and Data Privacy Security
The advent of the digital age brings new challenges to data privacy protection. In the digital age, the acquisition, transmission, and processing of personal data have become extremely frequent and complex. When we send information or use the internet to search for things, we are exposing data. So it is necessary to formulate corresponding digital policies to protect users’ privacy and data security. Digital policies play a crucial role in protecting user data and privacy. The digital policy provides the legal framework and guiding principles for data privacy protection. When users use software or participate in a project, they need to license and agree to a long term of agreement, the majority of users will not read it carefully. People are forced to consent to use the device or service. This limits users’ digital rights to a certain extent.
Figure 2: Electron Devices are Controlled by The Web
This behavior is tantamount to authorizing the user’s personal data information to the operator. In general, terms of service give operators a lot of power. Especially for large enterprise platforms like AT&T, these terms of Service are written in a way designed to protect their business interests. According to the reading, it said that “the terms of service are designed to give the company absolute discretion, thereby protecting the legitimate rights and interests of the company” (Suzor, Nicolas P. 2019. P11) When users are forced to agree to a treaty, they do not know whether its provisions will benefit them and whether their digital privacy will be affected. Therefore, the protection of users’ data privacy requires relevant government regulations, such as the EU’s General Data Protection Regulation (GDPR) and the US’s California Consumer Privacy Act. Both regulations make an important point in common, which is that companies are required to provide transparent data handling policies and establish standard data security measures. (Rosenblat, A., & Nagle, R. 2020) These laws require companies to comply with strict data processing rules, including informing users of the purpose of data use, obtaining user consent, and limiting data collection and storage. However, the AT&T data leak shows that AT&T did not comply with the regulations. Hackers broke into AT&T as early as 2021 and tried to sell the data, but AT&T didn’t admit until 2024 that the exposed data belonged to 7.6 million current AT&T account users and about 65.4 million former account users. (Bill Toulas, 2024) AT&T did not comply with state regulations to inform customers promptly. Since they have the right to know. The leakage of delayed messages and information data may have many effects on the user.
The Impact of AT&T Data Leakage
Data Privacy is an issue of great concern to the public. Many people keep a neutral attitude toward databases. In one survey, most people opposed allowing phone companies and Internet service providers to keep metadata about phone and web usage. 79% of respondents think keeping telephone information is an invasion of privacy behavior. (Goggin, G. 2017.P21) As a worldwide telecom company, AT&T’s data breach has attracted wide attention and highlighted the challenges and shortcomings faced by enterprises in data security. Despite AT&T’s vast resources and advanced technology, the data breach revealed the reality that even powerful enterprises cannot fully protect against data security threats. This makes the public wonder whether we can no longer use smartphones, and whether no matter how powerful the company and technology will affect our privacy rights and interests. According to the report, part of the AT&T customer data was leaked in an unauthorized access. This data includes customers’ personal information, correspondence records and other sensitive information. This incident has caused widespread concern and dissatisfaction among users, because their personal privacy has been seriously violated. The impact of this is unpredictable.
First, the disclosure of users’ personal information may lead to their information being stolen. Hackers can use the leaked personal information to impersonate users for fraudulent activities, opening fake accounts or applying for loans. Most users are middle class or lower income level. If this happens, they will be saddled with huge debts. Who will be responsible for this loss? Hackers may also be able to access users’ accounts to defraud their family and friends, inducing them to provide sensitive personal information such as account passwords and bank numbers. Many families will transfer money because they are worried about their safety, or to help them get through a difficult time, but it was a hoax. These behaviors not only violate users’ privacy but also cause them economic losses and credit damage. In addition, hackers may sell users’ data to third parties. This can cause problems such as targeting advertisement recommendation, spam, and phone harassment.This not only affects the user’s personal life and experience, but may also cause psychological stress. Data breaches result in a loss of user trust. Users will question the existence of security holes in the data storage system, which will damage the reputation of the enterprise. It also leads to legal liability and massive compensation.
Corporate Responsibility and Data Security
Companies have important responsibilities and obligations to protect user data. In the foreword to the White House report, it states: “Privacy protections are critical to maintaining consumer trust in networked technologies.” (Nissenbaum, H. 2018. P836) In the digital age, users’ personal information has become increasingly easy to obtain and exploit, therefore, enterprises must strengthen internal data security measures. For the user data stored in the server or during transmission, enterprises should adopt strong encryption technology for encryption processing to prevent the data from being leaked and abused during transmission and storage. This way helps to ensure that user data is properly protected. Just like the AT&T information leak incident, the follow-up treatment given by the enterprise is to provide one year of free credit monitoring and identity theft protection services to the affected customers. What’s more, the access rights of the enterprise should be divided by level. It tries to limit the access of employees and other relevant people to user data, thereby ensuring that only authorized people can access the data. It is important that employees need to be trained in data security awareness to avoid data breaches caused by manual operations. In both two aspects, intelligent technology and human work, enterprises need to be tightly regulated to ensure the privacy of user data security.
Government Regulations and Suggestions
To ensure user data and privacy security, governments and regulation institutions play a vital role in strengthening the supervision and management of corporate data security. Government departments or regulatory agencies can regularly check and review the data security management of enterprises, and try to fix the existing problems. This also avoids the lag of information leakage and ensures that organizations are careful about managing their data security. Moreover, if a company has problems with data protection, a series of penalties such as fines can be imposed according to the degree of violation, to improve the supervision of digital data privacy. Also, many enterprises may not have experience in information regulation, thus causing problems. The government and relevant agencies can organize expert teams to guide enterprises in data security technology to help enterprises solve data security problems. The government plays a vital role in regulation of the digital data privacy.
Figure 3: Government Regulations on Digital Privacy
The government acts as a balance between businesses and users. The government can make more perfect and practical laws and policies to protect users’ digital privacy. At the same time, the government can also provide relevant legal advice and policy guidance to help both enterprises and users have a certain understanding and emphasis on regulations to protect the interests of both parties. The government should pay more attentions on data privacy and find more effective ways to foster the development of data security.
Conclusion
In modern society, personal information has become much more valuable, containing a user’s identity, financial information, and other sensitive data. Protecting personal information is the basic requirement to protect the rights and interests of users, but also the key to build user trust. When users feel that their privacy is respected and protected, they are more willing to share data with a company and use the company’s products and services. The AT&T data breach has caused people to reflect deeply on data security and personal privacy protection. This thing clearly shows that protecting user data and privacy has become an extremely important challenge and responsibility in the digital age. Digital policy, enterprise responsibility, and government regulation play a vital role in this. To maintain the security of user data and privacy, all parties need to work together and take effective actions.
No matter how big an organization or how technologically advanced it is, it needs to take data privacy seriously.Once data security is compromised, the enterprise will lose the trust of users. User trust is the foundation of business success. “Water can carry a boat, but it can also capsize it.”Therefore, enterprises must ensure the security and privacy of user data from both technical and personnel aspects. The government also plays a role in regulating behavior throughout the process, whether it is in the technical level, the legal system or the economic aspect.
All in all, protecting user data and privacy is a complex and important task, which requires the cooperation and joint efforts of government, enterprises and all sectors of society. Only ensuring that personal data and privacy are fully protected can promote the healthy development of digital society and the long-term interests of human society. In the future, we should further strengthen cooperation and work together to build a safe and trustworthy digital environment.
Reference List
DeVries, W. T. (2003). Protecting Privacy in the Digital Age. Berkeley Technology Law Journal, 18(1), 283–311. http://www.jstor.org/stable/24120519
European Union. (2016). General Data Protection Regulation (GDPR). Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj
Goggin, G., Vromen, A., Weatherall, K., Martin, F., Webb, A., Sunman, L., Bailo, F. (2017) Executive Summary and Digital Rights: What are they and why do they matter now? In Digital Rights in Australia. Sydney: University of Sydney. https://ses.library.usyd.edu.au/handle/2123/17587
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831-852
Rosenblat, A., & Nagle, R. (2020). The dilemmas of privacy regulation: A study of the California Consumer Privacy Act. Berkeley Technology Law Journal, 35(2), 285-338
Sarathy, R., Robertson, C.J. Strategic and Ethical Considerations in Managing Digital Privacy. Journal of Business Ethics 46, 111–126 (2003). https://doi.org/10.1023/A:1025001627419
Suzor, Nicolas P. 2019. ‘Who Makes the Rules?’. In Lawless: the secret rules that govern our lives. Cambridge, UK: Cambridge University Press. pp. 10-24
Be the first to comment