We hear of new data breaches almost everyday, so many that we have reached the pinnacle of “breach fatigue.” A feeling where consumers are tired of hearing about theft of personal information due to carelessness on part of a company. From Equifax, Yahoo!, to Cambridge Analytica, our personal, sensitive information is out on the public internet. Poor cyber security practices is just one of the main issues of data theft among organizations. The second is how companies respond after a breach occurred.
Google is now part of a long standing problem we see today and that is hiding information from consumers with regards to a data breach. This latest breach affecting the Google+ platform, exposed half a million user records through a flaw in their API. A flaw in which the company knew about since 2015. To make matters worse, Google knew of the breach in March of 2018 and yet it did not disclose this information until October 8.This is not the first time a company failed to disclose a data breach. Yahoo! was fined $35 million for not disclosing its breach which occurred in 2014. Why was there such a delay in the announcement and why do law makers allow this to continue?
The U.S. does not have a federal law which protects consumer privacy. This need for protection has been left up to the states to enact privacy laws, which most states have done. However, more oversight is needed to ensure better transparency between companies and consumers. Without additional oversight, this unfortunate practice of withholding breach information will only continue.
So what is next for Google? The typical, “…the implementation of better privacy and security protections.” We have heard this story before. The surprising action is that Google is now shutting down Google+ for good. Google+ could have been a great platform though the market is saturated with social networking sites. Hopefully Google will make true to their word and congress will have a wake up call.
For more information on Google’s breach head over to the Wall Street Journal – Google Exposed User Data, Feared Repercussions of Disclosing to Public