Why Gig Economy Shouldn’t Take Sensitive Data for a Ride

Arti Raman, CEO of Titaniam, discusses how workers and consumers gladly share personally identifiable information(PII) with apps, to access personalized recommendations, just-in-time service delivery, and ultra-fast payment methods, among others. Yet, they trust app providers to protect this sensitive data, and the article goes into detail about why this trust may be misplaced. 

The gig economy has created the financial opportunity for millions of individuals who use services to build their businesses, work independently, or earn extra money. By 2023, there will be 915 million gig workers, 78 million of whom reside in the United States. These independent workers will earn a projected $298 billionOpens a new window in wages by next year.

Consumers have benefitted by gaining innovative services, convenience, and greater mobility. It’s amazing that the gig economy, a term coined by jazz musiciansOpens a new window in the 1900s, only took off in 2008. Millions of workersOpens a new window displaced during the recession took on part-time jobs, and Airbnb began its fabled rise. 

Yet, this exciting trend is creating significant data risks. Both gig workers and consumers share sensitive data with apps, ranging from freelance job sites to temporary lodging, ride-sharing, food delivery, and more. This personally identifiable information (PII) includes user demographics, account information, financial data, social media updates, location tracking, and more, making these apps a target-rich environment for cyber attackers. 

Workers and consumers gladly share PII with apps to access personalized recommendations, just-in-time service delivery, and ultra-fast payment methods. Yet, they trust app providers to protect this sensitive data, trust that may be misplaced. 

Similarly, merchants are connecting with gig economy apps, such as local restaurants that use food delivery services. These businesses also risk exposing sensitive data due to gig apps’ suboptimal data security and privacy practices.

Gig economy companies have a checkered data protection record  

Companies such as Uber, Lyft, and DoorDash have bad data privacy and security track records.  Uber’s most recent data breach should come as no surprise, as many of these companies have failed to have comprehensive data privacy and security programs in place over the years. Uber’s full data breach timeline reveals how company employees were able to use a “God View” to track the real-time location of users from 2011 to 2017, and how hackers stole personal data on 57 million consumers in 2016, which led to the recent 2022 breachOpens a new window where a hacker gained access to Uber’s internal systems. Similarly, DoorDash had a data breach in 2019, which exposed personal information on five millionOpens a new window customers, merchants, and drivers, and just recently were breached again. 

What’s next for gig app data privacy and security 

Gig economy companies have learned from data privacy and security woes and media fallout. Uber, Lyft, DoorDash, and others have implemented comprehensive data privacy and security programs, which spell out how data is collected, managed, stored, accessed, and secured. Data is typically encrypted on devices, in transit, and when at rest in files and databases.

That’s gone a long way to creating transparency about practices and bolstering consumer and partner trust. However, it’s not enough. All gig economy companies need better information risk management practices that are automatically enforced when data is in use. 

Despite implementing new security tools and practices, the reality is that gig companies’ data in use is still at risk. That’s especially true for apps that connect consumers and service providers in real-time, such as ride-sharing and food delivery. These apps must analyze massive volumes of rich personal data to provide the real-time services that customers covet. 

See More: Why Security Does Not Equal Privacy

How gig economy companies can protect data-in-use 

The alarming rise of data-related extortion and the resulting loss of security, privacy, and compliance tells us that the world is ready for a new approach. Companies must protect data-in-use, their customer base, partners, and revenues from a fusillade of ongoing cyber-attacks.  

Companies can do full-featured processing on encrypted data using the data security platform that provides high-performance encryption-in-use technology and nine privacy-preserving techniques in a single engine. This means that there’s no need to decrypt data to provide highly performant search and analytics. As a result, if cyber attackers penetrate networks, they are unable to access unencrypted data, even if they have highly privileged credentials, such as administrator keys. The same holds for high-level insiders, who also only see encrypted data. Gig companies will be protected from ransomware attacks and payments since data can’t be exfiltrated in clear. 

How do you think companies can secure personal data? Which technologies they can use? Lets us know on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .

Image Source: Shutterstock

MORE ON DATA PRIVACY

• Default Setting: Privacy Protection and How to Achieve It
• Employee Data Rights With GDPR and CCPA: Data Privacy Day Special
• Connecting Customer Data in Today’s Data Platform To Deliver Personalized Experiences  
• How HR Can Manage the Evolving Data Privacy Landscape