• by Ray Schultz , Columnist, January 9, 2018

U.S. employees are ignorant when it comes to privacy. They have a rudimentary awareness of cyber threats, but most don’t know about the EU’s General Data Protection Regulation (GRPR) or important U.S. privacy legislation, according to MediaPro’s 2018 Eye on Privacy Report. 

Of 1,007 U.S. working people surveyed, 59% say GDPR is completely new to them; only 13% know the basics. 

They are more aware of the Health Insurance Portability Act -- with only 21% who see it as completely new -- and the Fair Credit Reporting Act, which is cited as new and unknown by 25%. 

In contrast, 49% admit they know little or nothing about the Children’s Online Privacy Protection Act, and 44% about the Electronic Communications Privacy Act.

GDPR awareness varies by industry. Those in the education field are most likely to see it as completely new (78%), followed by those in government (70%), retail (65%), healthcare (53%) and finance (52%).

In contrast, only 42% of technology workers are unaware. But that’s no small number, considering that these are the people on the front lines. 

Of greater concern, employees in this sector were least able to identify reportable privacy incidents and threats to private data, according to MediaPro. 

"The 2018 Eye on Privacy Report shows companies could be doing a better job educating their employees about how to handle sensitive data,” states Steve Conrad, MediaPro's managing director. “It's time to stop playing with fire when it comes to data privacy -- before it's too late."

So what worries consumers?

Of those polled, 89% rank Social Security Numbers as a five on a scale from one to five. Next is credit card data (76%), tax information (71%). Social media posts are seen as the highest form of threat by only 58%.

Of course, views depend somewhat on age: Older respondents are more sensitive than younger ones about SSN and tax data.

In one disturbing result, 8% say they are unsure whether they should report a cybercriminal stealing sensitive client data on the job. But don’t be too alarmed: Most will report it, along with other forms of data exposure:

• Learning that a cyber criminal has stolen the names, addresses and birth dates of several clients — 91%
• Spotting sensitive information left by the copier — 83%
• If staff installing software on work computer to track internet usage — 80%
• Being mistakenly sent an encrypted email by a coworker — 72%
• Noticing that security software on a shared workstation has been disabled — 72%
• 87% would store a project proposal for a new client and design specifications for a new product in a locked drawer
• 75% would destroy an old password hint, and 74% would shred an ex-employee tax form from three decades ago
• Most people are careful about apps
• Of those polled, 68% sometimes allow precise location data via GPS, but 69% never let apps read text messages and 56% will always reject access to browser history 

Again, this depends on age. Among those age 55 and up, 59% have answered “never” to an app permission request, compared to 52% of those in the 35-54 range and 42% of those ages 18-34. 

What should companies do to get their employees up to speed at work? 

"Data privacy is everyone's responsibility, and organizations can prepare their employees to protect against threats through year-round privacy awareness training programs that addresses privacy concerns at the root of employee culture," states Tom Pendergast, MediaPro's chief strategist for security, privacy, and compliance.