This is how we regain control over our digital identities.

The data count has arrived. We are already very familiar with the gap holders: Equifax, Under Armor, Target. But in 2018, social media brands also stood out: Half a million account data was inadvertently exposed on Google+, and another Data from 29 million users. In the Facebook breach this fall.

The repercussions of these breaches go beyond a single service because social authentication is used with thousands of connected applications. How often have we clicked “Sign in with [insert social media platform]For convenience, rather than creating a new account?

While social media companies are unlikely to become custodians of millions of people’s personal data when they started, after recent revelations, it’s clear that’s what Facebook, Google, and LinkedIn are doing today. Consumers were quick to reset passwords, disconnect Facebook services, and even close their social media accounts. And Google+ no longer exists in its old form.

Amid the chaos a host of questions arises: what is our digital identity? Who is the custodian of that information? And what rights do we citizens of the digital world have?

These are the real issues that consumers urgently need to control.

What makes up your digital identity.

To begin with, we must fully consider what defines personal information. Is it your credit card number? Not so: your credit card number is an identifier, a number that matches your bank information. You won’t freak out about losing your shipping tracking number (for most things, I’ll let your mom’s birthday gift slip anyway). Identification numbers like driver’s licenses, social security numbers, and more should be treated like that shipping number.

Instead, as people engage in more complex interactions online and share how they think and interact with the digital world, we have entered a different era than the one where social security numbers were first printed on business cards. paper that couldn’t even be laminated. and passwords or PINs were the only necessary door to protect our information.

Today, software companies understand what you like; collect biometric information such as your fingerprint or heart rate; they listen to your voice commands and learn your cadence. They have a wealth of knowledge that goes beyond identifying numbers to getting to the crux of who we are as individuals. You should care much more to protect this information.

The dual responsibility of identity custodians.

Data (including data about you) is proliferating at incredible speed: 90 percent of the world’s data was generated. just in the last two years, and 2.5 quintillion bytes of data are created every day.

Companies need to understand what information they are collecting, especially when other services might be collecting it for them (all companies that are scared about GDPR are examples of those that did not have a good handle on this), and are required to clarify what information about you that they will share as part of the consent process.

Establish and publish a robust data privacy policy that includes consent to personal information, strict scopes for what it can be collected, what it can be used for, and how long it can be kept (and to purge data that is no longer are needed) is the core of this.

The consent process also recognizes and assigns equal value to the two main parties to this social contract: the person who decides who can access the information and the recipient who uses that information for commercial purposes.

A company should also not be able to exclude you from their services unless you say yes to their terms; Closing this “loophole” is another key necessary to ensure that consumer protections are upheld with significant consequences for not doing so.

Know (and fight for) your data rights

Social media organizations are not, and never have been, in the business of protecting your identity. For them, their data is their business model. Whether personal data is disclosed or data stolen, neither is acceptable.

Consider the large amount of personal information that different services hold for us, and consider what other organizations give you access to. Consent with caution and consider alternative identity stores as the core of your connected digital ecosystem (full transparency, my company is in the business of enterprise identity).

The stakes are high when it comes to our online identities. The dangers of not protecting our information are staggering, growing by the millisecond. We need to take action, as consumers, as technology companies and as a global community, to have a serious conversation about the ramifications of who has our personal information and with whom it is shared.

Take back control before it’s too late.