The True Cost of Not Architecting for Complete Data Privacy

Storj
November 4, 2021

How building for data privacy now will avoid significant cost in the future

Data privacy regulations are here. Companies that operate in Europe or California are scrambling to ensure compliance with the GDPR and CCPA, respectively. Smaller US companies that are below the $25M revenue threshold of the CCPA are quietly watching as large companies are being fined hundreds of millions of dollars. The GDPR alone has fined an estimated 1,000 companies in the past 2 years with cumulative fines of $1.25 billion.

So smaller companies that aren’t yet being subjected to fines are diligently putting together GDPR approved privacy policies and trying to minimize personal data collected to ensure the spotlight doesn’t shine their way. But is it enough?


Small companies need to take a zero-trust approach to data privacy

The reality is that data privacy regulations are being drafted into law at state and federal levels at a rapid pace while early lawsuits, like Schrems II, are making the existing regulations even more restrictive. Small companies can’t take a wait and see approach to data privacy. They need to build a zero-trust architecture to ensure that data and metadata are completely protected.

Data security and data privacy tend to overlap for people. But at the base definition, data security is about protecting the data and data privacy is about limiting and protecting the metadata collected. Abstinence is always the safest policy—not collecting the data. However, some metadata is needed for the business model or the application features. This is where security once again overlaps with privacy as you then need to figure out how to keep that metadata secure. A zero-trust approach to this involves implementing security measures that assume no one can be trusted.

Data storage is an area that hasn’t traditionally accomplished this. If you’re using centralized cloud storage, those providers have access to your metadata—particularly if you’re not paying extra for encryption. The only truly zero-trust data storage option that exists today is decentralized cloud storage as the entire system is built with a zero-trust architecture. Here is a great explanation of how decentralized cloud storage works.

The potential costs of not having a zero-trust approach to data privacy

Decentralized cloud storage is still new so some companies are once again taking a wait and see approach. The problem with that is they are leaving themselves vulnerable to data privacy issues that could impact them today with customer pushback. Additionally, they are setting themselves up for potential future fines or difficulty in switching cloud storage later in order to avoid fines. Here’s a breakdown of the risks and corresponding costs involved:

Risk 1: Customer backlash from perceived lack of data privacy

Consumers are getting more educated (and outraged) about the topic of data privacy. They want all the great features of your application, but they don’t want it at the cost of their data being shared with others. They don’t even want you to see their data. So if your happy users discover you are doing any of the above, you have the potential to lose customers.
A great example of this was WhatsApp, a secure messaging app. An Apple security and privacy update shed light on the fact that WhatsApp was collecting much more metadata than competitors. Furthermore, they were sharing this metadata with Facebook. The end result was millions of users abandoning the app for competitors like Signal.

Risk 2: Data breach causing fines, customer loss and costly “repairs”

Again, data privacy and data security tend to overlap and a data breach is a great example. If your data is not protected with a zero-trust cybersecurity model, then you have a higher risk of malicious attackers stealing and possibly exposing your data. This results in upset customers who feel their privacy has been violated. Customers may leave your application completely and regaining their trust is not easy.

Besides losing revenue, a data breach is incredibly costly in terms of making sure the attacker is out of your system, in paying ransomware, and in PR damage control. The more you can approach data security in storage with a zero-trust policy, the better you can lower the risk of having customer’s data privacy violated in this way.


Risk 3: Data privacy regulation fines for non-compliance

The data privacy regulations that are out of their grace periods are for the most part not applicable to startups and smaller companies. This will not always be the case. Either your company will do great and grow your revenue above the thresholds or the regulations will catch up to include smaller companies. It’s just a matter of which happens first.

While Amazon or Google may be able to get hit with hundreds of millions in fines and survive, this will not be the case for smaller companies operating in a high-growth, low profit environment. Even the smallest of fines would be crippling. Early-stage companies need to plan for this by incorporating zero-trust into every aspect of their application.


Risk 4: High costs for switch cloud storage later

For those companies that still want to take a wait and see approach to data privacy, they are at risk of getting hit with outrageous egress costs when they are “ready” or forced to switch. In other words, when your customers or the regulations push you to reconsider your cloud storage strategy and move your data to a zero-trust storage solution, this can be a costly move.

Centralized cloud storage providers like Amazon, Google and Microsoft give you lots of incentives to utilize them, but penalize you heavily if you want to leave. The more data you accumulate with them, the higher your fees to switch. As a smaller company planning on growth, it just makes sense to avoid this fee and start with a zero-trust cloud storage provider.

Get ahead of data privacy costs onzero-trust decentralized cloud
Start for Free

Share this blog post

Put Storj to the test.

It’s simple to set up and start using Storj. Sign up now to get 25GB free for 30 days.
Start your trial
product guide