Absolutely. These are issues in almost all our reports. In our recent TikTok report, half of the top issues were consent and information, understanding what information is being used, why it's being used and how much, etc.
I think in the context of breaches, it's also relevant. If you know what you're giving, are you aware of the risks of a privacy breach and the safeguards? We ask questions and we challenge. In the 23andMe joint international investigation I did with the United Kingdom, we challenged the security methods. Do you have multifactor authentication? Do you require strong passwords? Sometimes organizations are doing it with perhaps good intentions. They told us that people don't like complex passwords, because they're challenging and hard to remember. We said we understand that, but they need to insist on those; otherwise, they're exposing themselves to these terrible harms that are sometimes impossible to undo. That collaboration has to happen.
You also mentioned retention. We need to challenge organizations, government and the private sector to not keep information, personal or otherwise, longer than they need to, because that increases the risk.