The following column is the opinion and analysis of the writer.
Every week we read about a new data breach and it starts to feel like privacy doesn’t matter. But it should matter, not just to privacy attorneys like me, but to all of us, because it affects all of us.
Last month, Customs and Border Patrol disclosed that unidentified hackers stole license-plate images and identification photos collected from travelers. Experts caution the breach could extend to any other information collected at border checkpoints, too.
Last year, more than a billion people were affected by corporate data breaches, according to Fortune. The incidents affected people who stayed at Marriott hotels; flew British Airways; rode with Uber; used Twitter, Facebook, or Google+; tracked their fitness information with My Fitness Pal; or researched family history with MyHeritage.
The threat comes not only from information being leaked, but from what others can do with that information.
As an attorney, I’ve worked with clients whose private medical information was disclosed, which can lead to medical identity theft or fraud. Imagine being denied medications you need because someone already filled the prescription. I work with clients who were targets of stalking and abuse. Imagine someone accessing your home security cameras, setting up a tracking app to follow you, and reading your emails.
In the U.S., we think of and legislate privacy rights in specific areas like finance, health care, education, and employment. That leaves many industries to self-regulate. But it also means companies can be responsive to demands about how data is collected, by whom, and for what purpose.
Other countries with more comprehensive privacy laws can also hold international organizations accountable.
This week, the U.K. announced it intends to fine British Airways nearly $230 million for the 2018 breach that affected about 500,000 people and Marriott $124 million for the massive breach discovered last year.
Hopefully, the combination of consumer demand and others’ enforcement actions will eventually lead to fewer and less damaging data breaches.
In the meantime, there are things we can do to help protect ourselves.
My colleague and local forensic technology consultant, Brian Chase, offered some tips after someone tried to gain access to his bank account last summer.
• If you get suspicious calls or emails about your credit cards or bank accounts, don’t open the emails or give any information. Instead, he says, “manually go to the bank’s website and get contact information,” and call your financial institution directly.
• Chase also says to “always turn on two-factor authentication,” to make it harder to access your accounts.
• Use strong passwords. Use a unique password for each site. You can use a password manager, “like LastPass, Dashlane, or 1Password to store your passwords,” he said, and generate hard-to-guess passwords.
• Set up a personal identification number for your cellphone account.
• Set up theft alerts with your credit-card companies and at least one major credit agency.
• Be aware of the companies you interact with and how they collect and use your data.
As Apple’s CEO Tim Cook said recently: “If we accept as normal and unavoidable that everything in our lives can be aggregated, sold and even leaked in the event of a hack, then we lose so much more than data. We lose the freedom to be human.”
To be sure, there’s some irony in the statement coming from a company that, like its competitors, profits from users’ data. The message, though, is a good one. Privacy should matter to all of us, because it affects all of us, not just those of us with something to hide.