With the recent implementation of the General Data Protection Regulation (GDPR) by the European Union (EU) and a steady stream of news about data privacy, it’s no surprise that a SAS survey found that US consumers are increasingly concerned about their personal data. Of 525 US adult consumers surveyed, almost three-fourths (73 percent) said their concern over the privacy of personal data has increased in the past few years.

What is perhaps surprising: US consumers appear ready for regulation. Sixty-seven percent of survey participants think the US government should do more to protect data privacy. And the new Congress seems poised to explore federal regulation.

“The survey results clearly show that consumers value their data privacy and are greatly concerned about potential misuse. Companies need to reexamine how they handle data and analytics in all aspects of the business,” said Todd Wright, Global Lead for GDPR Solutions at SAS, a leader in analytics. “It’s clear that in this age of increased data privacy concerns, even without a more stringent data privacy law in the US, organizations that treat their customers’ data with care will be rewarded, and those that don’t risk the loss of reputation and customers.”

Download the full report, Data Privacy: Are You Concerned?

Taking action

Though consumers seem to want the US government to do more to protect their data privacy, they are also taking action. The majority (66 percent) of respondents have taken steps to secure their data, such as changing privacy settings (77 percent), changing or not accepting cookies (67 percent), declining terms of agreement (65 percent), deleting an app from a mobile device (56 percent) or removing a social media account (36 percent).

More than one-third of survey participants (38 percent) reported using social media less often because of data privacy concerns.

Does the U.S. want GDPR?

GDPR took effect May 25, making organizations that gather data on EU residents accountable for personal data protection and giving EU residents significant new rights over their personal data. These include the rights to access, query and erase personal data held by organizations.

Do US consumers want these rights? Of survey participants who think the US needs more data privacy regulation, a large majority (83 percent) would like the right to tell an organization not to share or sell their personal information. Eighty percent of these consumers also want the right to know where and to whom their data is being sold. Seventy-three percent said they would like the right to ask an organization how their data is being used, and 64 percent would like the right to have their data deleted or erased.

US states are already reacting to this wave of concern from citizens, and Congress is starting to take note. California recently passed legislation similar to GDPR that will take effect in 2020, and Vermont became the first state to enact a law regulating data brokers who buy and sell personal information. In September, the US Senate held its first committee meeting on how lawmakers can protect consumer privacy, and in early November, Sen. Ron Wyden proposed the Consumer Data Privacy Act, a bill similar to GDPR that would penalize CEOs in addition to the companies.

“These state laws are likely the beginning of US legislation,” said Lisa Loftis, a thought leader on the SAS customer intelligence team. “Organizations are still wrestling with existing regulations like GDPR, and new regulations like a US government data privacy law could prove challenging.”

SAS survey conducted just months before the onset of GDPR found that 93 percent of global organizations that participated in the survey were not fully GDPR compliant.

Baby boomers most concerned

When it comes to concern over data privacy, compared to a few years ago, age does matter. A majority of baby boomers (ages 55 and up) exhibited an increased concern over their data privacy (78 percent) and were the least willing age group to provide personal information in exchange for something in return, such as a discount or fewer ads. Two-thirds (66 percent) of millennials (ages 18-34) reported being more concerned about their data privacy than they were a few years ago. Despite that, almost half (45 percent) were willing to exchange personal information for something in return. The Gen Xers (ages 35-54) fell in the middle, with 72 percent expressing more concern about their data privacy, and 42 percent willing to exchange information.

Confidence by industry

When it comes to security of personal information, health care and banking are the most trusted industries, with almost half of participants reporting they were very confident or extremely confident that organizations in these industries are keeping their data secure.

Social media was the least trusted, with only 14 percent expressing the same confidence. Travel companies (16 percent), retail (18 percent), internet/cable providers (20 percent), energy companies (21 percent), and government agencies (29 percent) were also rated low.

For the complete survey findings, download the full report, Data Privacy: Are You Concerned?

Next Steps

Organizations must reassure customers that they are protecting data privacy. SAS® for Personal Data Protection includes industry-leading data management and analytics software that helps organizations achieve compliance and privacy goals while building a trusted data governance framework.

A SAS survey of 525 US consumers reveals big concerns about data privacy.