One In Four People Would Be Willing To Buy Back Their Private Information From The Black Market

There’s an interesting paradox in this report. With the average respondent willing to pay close to $30,000 to recover their information, why aren’t they willing to invest a similar sum in protecting their information rather than assuming data collectors are actively protecting their personal information? This question goes far beyond just implementing better passwords, or using password management tools, but extends to asking hard questions to any organization with personal data. Key questions would be:

What data do you have on me?
What have you done to protect it?
Have you ever at any point in time transmitted it to a third party? If so, who were they and if something goes wrong are you going to protect me?
What is the process you have to detect when unauthorized access to my information occurs?
How do I go about ensuring you’ve deleted all my information if I decide I don’t want to be your customer anymore?
While it might seem unreasonable to ask these questions, in asking them you are signaling just how serious you take protecting your data. Interestingly enough, these are the very types of questions which form the basis for the GDPR concepts of “Right of Access”, “Right to be Informed” and “Right to be Forgotten”. At a high level, they boil down to a core principles of “you can’t secure what you don’t know you’ve collected” and “a data breach will only ever include data which is retained” which for the consumer means “you can’t monitor for privacy issues when you didn’t know a given company had your data”. The really interesting thing about these five questions is that while any answer received might be full of technical details, you’ve also signaled to the organization that you take protecting your personal information seriously. That in of itself could trigger improved security outcomes for everyone.