Personal data is literally everywhere. People routinely submit personal information to organizations of all kinds, often without questioning or understanding why or how it will be used – or the unknown third parties it will be shared with.
We’ve all scrolled to the end of a vague End User License Agreement (EULA) and clicked ‘Agree’, without really knowing what will happen to our data. By making service conditional on doing this, many organizations effectively force users to take the risk that their data could end up in the wrong hands. Unfortunately, it often does.
While the majority of organizations do their best to protect the data they gather, it’s often done without any real sense of purpose beyond vacuuming up information that ‘might come in handy.’
With the best will in the world, a lack of established processes, combined with limited awareness of the accompanying risks and responsibilities, often means data is collected and stored without any security precautions. Worse still, it’s often shared with (or sold) to third parties without implementing any data protection agreement – or the data subject’s knowledge or explicit consent.