With the recent implementation of the General Data Protection Regulation (GDPR) by the European Union (EU) and a steady stream of news about data privacy, it’s no surprise that a SAS survey found that US consumers are increasingly concerned about their personal data. Of 525 US adult consumers surveyed, almost three-fourths (73%) said their concern over the privacy of personal data has increased in the past few years.
What is perhaps surprising: US consumers appear ready for regulation. In fact 67% of survey participants think the US government should do more to protect data privacy. And the new Congress seems poised to explore federal regulation.
“The survey results clearly show that consumers value their data privacy and are greatly concerned about potential misuse. Companies need to reexamine how they handle data and analytics in all aspects of the business,” said Todd Wright, Global Lead for GDPR Solutions at SAS, a leader in analytics. “It’s clear that in this age of increased data privacy concerns, even without a more stringent data privacy law in the US, organisations that treat their customers’ data with care will be rewarded, and those that don’t risk the loss of reputation and customers.”
Though consumers seem to want the US government to do more to protect their data privacy, they are also taking action. The majority (66%) of respondents have taken steps to secure their data, such as changing privacy settings (77%), changing or not accepting cookies (67%), declining terms of agreement (65%), deleting an app from a mobile device (56%) or removing a social media account (36%).
More than one-third of survey participants (38%) reported using social media less often because of data privacy concerns.
Does the US want GDPR?
GDPR took effect May 25, making organisations that gather data on EU residents accountable for personal data protection and giving EU residents significant new rights over their personal data. These include the rights to access, query and erase personal data held by organisations.
Do US consumers want these rights? Of survey participants who think the US needs more data privacy regulation, a large majority (83%) would like the right to tell an organisation not to share or sell their personal information. Eighty per cent of these consumers also want the right to know where and to whom their data is being sold. Seventy-three per cent said they would like the right to ask an organisation how their data is being used, and 64 per cent would like the right to have their data deleted or erased.
US states are already reacting to this wave of concern from citizens, and Congress is starting to take note. California recently passed legislation similar to GDPR that will take effect in 2020, and Vermont became the first state to enact a law regulating data brokers who buy and sell personal information. In September, the US Senate held its first committee meeting on how lawmakers can protect consumer privacy, and in early November, Sen. Ron Wyden proposed the Consumer Data Privacy Act, a bill similar to GDPR that would penalise CEOs in addition to the companies.
“These state laws are likely the beginning of US legislation,” said Lisa Loftis, a thought leader on the SAS customer intelligence team. “Organisations are still wrestling with existing regulations like GDPR, and new regulations like a US government data privacy law could prove challenging.”
A SAS survey conducted just months before the onset of GDPR found that 93% of global organisations that participated in the survey were not fully GDPR compliant.
Baby boomers most concerned
When it comes to concern over data privacy, compared to a few years ago, age does matter. A majority of baby boomers (ages 55 and up) exhibited an increased concern over their data privacy (78%) and were the least willing age group to provide personal information in exchange for something in return, such as a discount or fewer ads. Two-thirds (66%) of millennials (ages 18-34) reported being more concerned about their data privacy than they were a few years ago. Despite that, almost half (45%) were willing to exchange personal information for something in return. The Gen Xers (ages 35-54) fell in the middle, with 72% expressing more concern about their data privacy, and 42% willing to exchange information.
Confidence by industry
When it comes to security of personal information, health care and banking are the most trusted industries, with almost half of participants reporting they were very confident or extremely confident that organisations in these industries are keeping their data secure.
Social media was the least trusted, with only 14% expressing the same confidence. Travel companies (16%), retail (18%), internet/cable providers (20%), energy companies (21%), and government agencies (29%) were also rated low.
Organisations must reassure customers that they are protecting data privacy. SAS for Personal Data Protection includes industry-leading data management and analytics software that helps organisations achieve compliance and privacy goals while building a trusted data governance framework.
In July 2018 SAS conducted an online survey of 525 US adult consumers for their views on data privacy to better understand their opinions on data privacy and how it affects their behaviours and trust toward companies. Respondents from across the United States represented a broad range of socioeconomic levels. They shared views on government regulation regarding data privacy, their internet attitudes and behaviours regarding data privacy, and their level of trust in organisations to keep data safe.