“We regret to inform you that a vendor was hacked, exposing our customers’ personal information.”

For many, this sentence has become all too familiar. As technology becomes more deeply integrated into every aspect of our lives, the rising tide of data breaches threatens the security of personal information. The startling reality is that one in three Americans has experienced a data breach. But these numbers don’t tell the full story. These violations disproportionately affect disenfranchised communities—often with less access to resources or tools on digital safety.

As we mark Cybersecurity Awareness Month this October, this issue is timelier than ever. The increasing frequency and impact of high-profile data breaches demand that businesses, consumers, and policymakers act swiftly to protect sensitive information.

Data Breaches: A Threat to Disenfranchised Communities

Disenfranchised communities already face systemic barriers, and the rise of high-profile data breaches only exacerbates their vulnerability. When personal information is compromised—whether it’s healthcare data, financial details, or other sensitive identifiers—the impact on these communities can be devastating. Take, for example, the Grindr hack that disclosed the HIV status of LGBTQIA+ users. This kind of targeted breach doesn’t just threaten financial security—it exposes individuals to profound personal and societal risks. For these communities, breaches can lead to increased financial burdens, identity theft, and even discrimination.

Why Encryption is Essential to Cybersecurity

Encryption is one of the most valuable tools in the fight against cyber threats. By converting data into a secure format that can only be accessed with the correct encryption key, businesses and consumers can prevent unauthorized access to sensitive information. However, with growing regulatory discussions surrounding encryption, there’s a need to strike a balance between securing critical infrastructure and fostering innovation. The catastrophes that could ensue if policymakers mandate backdoor access to encrypted data are not theoretical. Congress’s mandate in the 1990s for broadband providers to enable law enforcement agencies access to encrypted communications on their networks led recently to China-backed hacker group Salt Typhoon gaining access to all of it. Because the legally mandated backdoor opened to more or less any information traversing the carriers’ network, Salt Typhoon’s access to it was also unlimited, as far as we know. The episode is perhaps the strongest evidence that mandating similarly unfettered access via backdoors to encrypted devices or data in transit would eventually result in that access falling into the wrong hands. Experience here demonstrates that weakening encryption would expose businesses to more frequent breaches, creating an even greater risk for those already marginalized.

The Role of Policymakers in Supporting Encryption

Effective cybersecurity efforts rely not only on technology but also on sound policymaking. Policymakers have the power to protect encryption standards, ensuring they remain strong enough to safeguard our digital infrastructure without creating loopholes that compromise security. At the same time, any regulatory measures must avoid stifling innovation or placing undue burdens on small businesses trying to comply with complex cybersecurity requirements.

Taking Action Now

Cybersecurity Awareness Month is a reminder that protecting personal information isn’t just about technology—it’s about protecting people, especially those who are most vulnerable. With cyber threats becoming more sophisticated and frequent, immediate action from the public and private sectors is needed to bolster our defenses. Data breaches aren’t going away anytime soon, but by enabling the strongest encryption measures, educating businesses and users on cyber-hygiene, and advocating for smart policies, we can work to protect our digital future.

Continuing the Conversation

During SXSW 2025, ACT | The App Association is excited to present our panel, “IMMEDIATE ACTION REQUIRED: Data Breaches and Encryption,” where we’ll continue conversations around these themes with our members and explore the significance of encryption as a foundational piece of critical infrastructure and how robust cyber-hygiene practices can mitigate risk.

During the panel, our experts will highlight encryption’s critical role in keeping data safe, especially for businesses that handle sensitive consumer information. We’ll also share actionable steps that companies of all sizes can take to strengthen their cyber-hygiene practices—steps that can go a long way toward preventing data breaches before they happen.

Our panel will also dive into policy challenges, emphasizing how governments can support both security and innovation by creating a regulatory framework that protects critical infrastructure, like encryption, without compromising the growth of small businesses.

Stay tuned to learn how you can join the conversation at SXSW 2025! In the meantime, check out our expert lineup of member companies and privacy experts:

Meet the Panel: