Everybody who uses a smartphone or a tablet and has downloaded apps, has exchanged personal data. The average user – which is most of us – will not know where their data is processed or even what data has been collected. The regulators are doing all that they can to tighten up the regulation but the reality is they will always be a few steps behind. There are now so many headlines of security breaches that it would appear it has numbed a users’ concept of the severity of these breaches.
We, the current generation of professionals still remember a time before everything could be done online - before Facebook and Twitter and Snapchat. And it is this generation that is fighting to ingrain information security and privacy in virtually everything that we do and use. This is because we know what it is like not to have our data or identity stolen by a faceless criminal on the other side of the world. We know what it's like to be able to control who we pass our personal data to and what data is appropriate to give. We know what it was like to still be able to live our lives - a healthy social life at that too - without having to give our personal data to an organisation.
The next generation however will be so used to 'living online' that a lot of their personal data will be easily searchable and obtainable. Having this data online will be the norm and you would not be able to take part in society if you weren't living online - you may not even be able to get a job if you didn't have an online presence. We are already seeing the beginning of this type of lifestyle, where an individual's online presence is now a real factor in progressing through to the next phase of the recruitment clearing process. Many organisations now, when looking for potential candidates will review the candidate online first. The organisation will go through the candidate's LinkedIn pages or review the Twitter feed, even go through their Facebook pages.
There is an argument, with all this personal data online there will be a heightened sense of protecting privacy. This is a strong argument. However I believe what is considered personal data and data that needs to be protected under regulation and technical controls will evolve and change.
As a result what we consider to be personal data today, the next generation may not consider it to be personal data or may not put the same value on it that we do today. So I am not too sure the next generation will care or worry too much if they have had their e.g. names and addresses stolen as a result of a hack, because that data may be so easily obtainable that there may not be a value to it.