Business

With the recent implementation of the General Data Protection Regulation (GDPR) by the European Union (EU) and a steady stream of news about data privacy, it’s no surprise that a SAS survey found that US consumers are increasingly concerned about their personal data. Of 525 US adult consumers surveyed, almost three-fourths (73 percent) said their concern over the privacy of personal data has increased in the past few years.

What is perhaps surprising: US consumers appear ready for regulation. Sixty-seven percent of survey participants think the US government should do more to protect data privacy. And the new Congress seems poised to explore federal regulation.

“The survey results clearly show that consumers value their data privacy and are greatly concerned about potential misuse. Companies need to reexamine how they handle data and analytics in all aspects of the business,” said Todd Wright, Global Lead for GDPR Solutions at SAS, a leader in analytics. “It’s clear that in this age of increased data privacy concerns, even without a more stringent data privacy law in the US, organizations that treat their customers’ data with care will be rewarded, and those that don’t risk the loss of reputation and customers.”

Taking action
Though consumers seem to want the US government to do more to protect their data privacy, they are also taking action. The majority (66 percent) of respondents have taken steps to secure their data, such as changing privacy settings (77 percent), changing or not accepting cookies (67 percent), declining terms of agreement (65 percent), deleting an app from a mobile device (56 percent) or removing a social media account (36 percent).

More than one-third of survey participants (38 percent) reported using social media less often because of data privacy concerns.

Does the US want GDPR?
GDPR took effect May 25, making organizations that gather data on EU residents accountable for personal data protection and giving EU residents significant new rights over their personal data. These include the rights to access, query and erase personal data held by organizations.

Do US consumers want these rights? Of survey participants who think the US needs more data privacy regulation, a large majority (83 percent) would like the right to tell an organization not to share or sell their personal information. Eighty percent of these consumers also want the right to know where and to whom their data is being sold. Seventy-three percent said they would like the right to ask an organization how their data is being used, and 64 percent would like the right to have their data deleted or erased.

US states are already reacting to this wave of concern from citizens, and Congress is starting to take note. California recently passed legislation similar to GDPR that will take effect in 2020, and Vermont became the first state to enact a law regulating data brokers who buy and sell personal information. In September, the US Senate held its first committee meeting on how lawmakers can protect consumer privacy, and in early November, Sen. Ron Wyden proposed the Consumer Data Privacy Act, a bill similar to GDPR that would penalize CEOs in addition to the companies.

“These state laws are likely the beginning of US legislation,” said Lisa Loftis, a thought leader on the SAS customer intelligence team. “Organizations are still wrestling with existing regulations like GDPR, and new regulations like a US government data privacy law could prove challenging.”