Facebook, Equifax, and the Coming Data Wars


By: R. Scott Raynovich

Data is money. Data is power. These are lessons from the developments at Facebook (FB) and Equifax (EFX) and the rising number of questions about how companies and organizations are handling data.

Equifax is under fire for its poor security practices enabling a security breach compromising the data for as many as 143 million consumers. Facebook is under pressure because of its role as a fake news vehicle for Russian organizations that influenced the U.S. Election with ads. Facebook is also receiving criticism for its capabilities to target audiences based on race and hate speech.

Put all of this together, and it paints a grim picture of the current state of data privacy and sovereignty. Your data is not safe -- apparently it is in the hands of incompetent credit agencies and nefarious Russians.

Next, we enter the phase of public handwringing and Congressional hearings, which will probably yield -- nothing. The government, typically behind the curve in technology, will attempt to come up with new regulations. Then private enterprise will find the loopholes.

What's needed is better data governance and security in the private market, as well as more awareness from consumers. Private corporations need to take more responsibility, and the public needs to put pressure on the to be responsible. The current system is broken.

This represents a huge opportunity for the startup community, especially in the security and finance markets. Innovation can help protect consumers and secure data.

It's clear from the Equifax breach that legacy credit agencies are behind the curve in protecting consumer data. The banking industry, which has an oligopolistic relationship with credit agencies and questionable data practices of its own, needs to move forward and find better solutions.

Technologies such as endpoint security, facial recognition, artificial intelligence, and blockchain will be used to build more sophisticated authentication networks. There is no reason why a bank's authentication algorithm should be required to rely on your social security number and the city in which you were born. In the future, it should use physical authentication and AI-driven analytics to confirm that it is, in fact, you.

In the end, the companies with the most secure data will win, because if the data is insecure they will lose their customers. And the solution will come in the form of security innovation, not regulation, because the regulators are always fighting the last war.