Recently, I started filling out paperwork for my 3-year-old and 5-year-old while in the process of opening up two 529 accounts for their future college education. To complete the process, I needed to provide a critical piece of information: my children’s social security numbers. When I first received their social security cards shortly after they were born, I physically locked the cards in a safe. This is where they have been ever since. In my mind, that data was (and still is) priceless and needs to be kept secured at all times.
At the mere thought of sharing my kids’ social security information with a third party, I started thinking about the consequence of a child’s personal identifier being breached. So, I stopped in my tracks. I stopped filling out the paperwork and returned the social security cards to the safe. The idea of potentially exposing their SSNs to a data breach felt far too risky for me and a far greater threat than not securing college tuition. Crazy? Maybe not.
This is the reality we now face. How much risk are we willing to take when it comes to our identities? Or how about the identifiers that reveal who we are? And perhaps even more importantly, are those identifiers still valid anymore? As adults, we can all be certain that our social security numbers can be found on the darknet. Identifiers include not just our social security numbers but potentially also biometric data: our fingerprints and even our facial features via facial recognition tools.
So, if our social security numbers have been breached, is it game over? It has now become near impossible to fully trust that any transaction made using our personal data is legitimate and not an act of fraud. We have lost our identities if any criminals can grab and use them for their own nefarious means.
The data breach landscape has reached too far and wide at this point to expect that our own data has never been breached. So what is the answer if our identities are no longer safe? Can biometrics be a way forward as an identifier that will prove that we are who we say we are before a transaction is completed on our behalf? As U.S. Office of Personnel Management breach victims can attest, biometrics clearly are not foolproof, either.
From a business perspective, organizations are struggling with the right solution to safeguard customer data. Regulations like the General Data Protection Regulation (GDPR) in Europe, which includes the ability for consumers to request the "right to be forgotten," are trying to force change at the business level. But companies, as they prepare for the regulation to take effect in May 2018, are currently not equipped to adequately respond to their customers' requests to be forgotten. Being able to see and understand where all personal data lives across all of their IT systems, either structured or unstructured ones, is a huge challenge for organizations at the moment. There is just too much data, and most companies do not have full visibility into where it all lives, let alone the ability to find and remove it should a consumer request it.