In this story from last Thursday’s All Thing Considered, NPR focused on businesses that are starting to “forget” user data in an effort to avoid becoming targets for hackers. The idea is that businesses that ‘ditch the data’ instead of storing it reduce the potential for data leaks and users gain more privacy if sites and services don’t retain data about them.
The problem is, many businesses can’t ‘Ditch the Data’
For businesses that fall under regulations that require data retention, “ditching the data” would be very illegal. There are also a few other cases where no one would want to encourage ephemerality. For these cases, businesses need to use a secure email solution like Virtru to reduce the potential for data leaks, increase the amount of control they have over the sensitive information they share, and provide a mechanism to recover expired messages in case they are needed for the reasons outlined below.
Here are just some of the industries in which “ditching the data” wouldn’t work out so well for businesses, consumers, or the public:
- Banking and Investment – I’m talking about a big international bank, the kind of bank that gives you a mortgage and lends money to companies. Banks are required to keep track of communications, especially companies that trade on the public markets. If traders are able to use ephemeral messaging applications that just “ditch the data,” there will undoubtedly be a spike in insider trading. Also, our banks are regulated, and it’s important for government entities to be able to see emails and internal communications. There are regulations covering data retention, and to ignore them would be illegal.
- Health Care – Hospitals deciding to “ditch the data” to become less of a target for hackers seems counterproductive. It would make more sense for them to adopt a secure email solution like Virtru to allow doctors and nurses to expire messages related to patients so that only the sender can see them. That way, there is also a record of patient data and communications, but it remains protected.
- Law Firms – I do think that lawyers need to do a better job sending secure and encrypted email. This is another case where “ditching the data” might sound like a good idea, but in practice it wouldn’t work (legally, at least). The answer lies in email encryption for all messages and attachments using a tool like Virtru.
- Politicians and Public Employees – Remember the scandal about the New Jersey government closing a lane on the George Washington Bridge? Or how about the several governors of Illinois who were sent to jail on corruption charges? These stories broke because of archived email records of public officials. If these officials had been using ephemeral messaging applications like Snapchat we likely would never know about this story. There needs to be some sort of record there.
- Intelligence Agencies – Every government agency should be prohibited from using ephemeral messaging applications that don’t provide some capability for recovering messages to provide oversight. This is especially true for agencies like the CIA or the NSA. Even though they engage in sensitive work, Congress still needs to have the ability to oversee these agencies. If one of these agencies were to just “ditch the data,” that would make it much less likely that we’ll be able to hold them accountable down the road.
I could go on and on here, but the basic point is that encouraging businesses to “ditch the data” oversimplifies the challenge of both data privacy and data retention. If businesses want to reduce the potential for data leaks and increase security, turning to a secure email solution like Virtru’s easy encryption is a far better measure than letting go of information that may be needed in the future.