Data Privacy and Protection Recap: February 2019 Edition
It is 2019 and it’s time that IT departments drive innovation for their organizations rather than holding them back. Here are some of the latest trending data privacy and security stories, which help support this need.
Ron Mehring and Axel Wirth Discussed Health Data Security
Several technologies are playing increasingly critical roles in mitigating the potential impact of security incidents in healthcare, said Ron Mehring, CISO at Texas Health Resources, and Axel Wirth of Symantec.
In the interview, Mehring and Wirth also discussed:
- The increasing threat of nation-state and other cyber-attacks on the healthcare sector
- How automation and orchestration will improve incident detection and response
- Top response challenges and incident detection in healthcare
In addition to analytics, artificial intelligence and machine learning offer great potential for helping battle security breaches due to the volume of attacks, their sophistication, and their changing nature, Wirth says in the same interview.
GDPR Data Breach Survey by DLA Piper Stated That 59,000 Data Breaches Occurred in EEA
European companies have experienced thousands of data breaches since data protection laws were brought in the past year, as per a survey of a law firm DLA Piper. In the GDPR Data Breach Survey, DLA Piper specified that about 59,000 data breaches have been reported across the European Economic Area (EEA) by the private and public organizations since the General Data Protection Regulation (GDPR) came into effect on May 25, 2018.
Of these 26 EEA countries, Netherlands topped the list with about 15,400 data breach notifications, followed by Germany and the United Kingdom with 12,600 and 10,600 reported breaches, respectively. The lowermost breaches were made in Iceland, Liechtenstein, and Cyprus with 25, 15 and 35 respectively, the survey also revealed.
Recently, the European Commission (EC) said that data protection regulators in Europe have received over 95,000 complaints about potential data breaches, after the implementation of the General Data Protection Regulation (GDPR). The commission also said that most of the complaints were because of promotional emails, telemarketing, and video surveillance.
Customer-First Approach vs. Security-First Approach for Businesses
Being customer-first basically means listening to your customers’ needs and requirements. It requires you to swiftly adjust and react to meet those needs or at least anticipate them to offer solutions proactively for the customers’ issues. The benefits of a customer-first business approach are simple and clear: It is aimed to increase loyalty to the brand, revenue gains, and more. It is also obvious why security is so important as no organization wants to suffer the consequences of a data breach.
How to develop a strong security culture?
- Build Security Muscle Memory
- Shift Your Perspective
A customer-first approach is, arguably, the business initiative which impacts your bottom line the most. Understanding and proactively addressing the customers’ security and privacy concerns shows that you’re not just trying to sell a product or a service, but you are also responsible for their data and operate with integrity. In an era where brand integrity matters, security-first is the best way to grow the businesses.
All About Biometrics and Why Consistent Updates in Technology Are Needed
Biometric authentication uses physical or behavioral human characteristics to digitally identify a person for granting access to systems, devices, or data. Examples of these biometric identifiers are facial patterns, fingerprints, voice, or typing cadence. Each of these identifiers is considered unique to the individual, and they might be used in combination to ensure greater accuracy of the identification. However, companies need to be extremely careful about how they roll out their biometric authentication systems to avoid infringing upon an employee or customer privacy, or wrongly exposing any sensitive information.
Here, the experts recommend that companies operate with multiple types of authentication simultaneously and escalate quickly if they see any of the warning signs. This is because this data can also be abused by repressive government regimes or criminal prosecutors overstepping boundaries. Foreign powers may also use the information in an attempt to influence the public opinion. Unethical marketers and advertisers might do the likewise. The security of the biometric authentication data is extremely important, even more than the security of passwords, since passwords can be easily changed if they are exposed.
Alternative approaches to allowing new devices to identify existing authorized users include tokenization, one-way encryption, or hashing functions. Biometrics has the likelihood to make authentication faster, easier, and more secure than the traditional passwords, but with the advent of new techniques companies, need to be careful about the biometric data they collect.
Compliance or Security: Which Path to Choose First?
In spite of the implementation of data protection laws, the news of organizations suffering from data breaches has still not curbed. By the end of 2018, a wave of highly publicized attacks made the headlines that included top names like Facebook, British Airways, Amazon, Vision Direct, Dell, and Marriott Hotels. And now transitioning to 2019, even Google is facing a $57 million fine for violations of the GDPR.
Due to the cybercrime world becoming more sophisticated, diverse, and complex, it has made it impossible to completely eradicate the risk of being attacked/breached, leaving many organizations to operate in distress. Unfortunately, compliance does NOT equal security. This perception fuels a false sense of security in companies. As an alternative, meeting compliance must be seen as a stepping stone in the correct direction to security.
Organizations are unsure on what should be taken on priority—compliance or the security—and they need to start by making sure that security and privacy are truly amalgamated within systems, along with the objectives to reduce risk and unlawful access to critical data. To meet more advanced and dynamic needs and threats, enterprise security architecture should meet unique organizational management objectives as well as risk challenges.
We Can’t Hide from Digital Sleuths Anymore
New privacy laws like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) promise to provide people with control over their data. But these laws won’t actually protect us from the privacy harms. In today’s data-rich world, the information people reveal about themselves reveals their secrets, even if they have full autonomy over their own data and use the most careful privacy hygiene.
Privacy laws need to opt for a new direction and concentrate on safeguarding people from real harm. New national privacy laws must be established and tough consumer protection rules against the use of information to harm people should to drafted. Of course, these rules mustn’t stop companies from using information about terrorists, fraudsters, and members of hate groups to further expose the evil interests of these bad characters. And companies must be able to use the information to see if people are suitable for mortgages, jobs, insurance, and consumer credit. But generally, companies shouldn’t harm the legitimate interests of users who provide them with their personal information, and new laws should uphold this consumer right.
Facebook under German Regulator’s Scrutiny
Germany’s anti-monopoly watchdog has asked Facebook to not to combine the user data from its WhatsApp, Instagram, and Facebook apps without user consent, after a three-year investigation into potentially anti-competitive actions. The federal cartel office announced that it would be giving the technology company 12 months to change its data policies.
After the ruling’s implication, Facebook will need “voluntary consent” from users before it can combine data from WhatsApp, Instagram, and Facebook (known internally as the “blue app”). Facebook’s intention to fully integrate the technology underpinning its three main services so that users can send messages between them will take a blow against the ruling. The plan was widely seen as a pre-emptive move to make it difficult for competition regulators to force the company to spin off one of its subsidiaries.
The social network was criticized by activist groups for not enabling users to decline consent without also forcing them to delete their account. In the end, users only had the choice to delete the account or hit the “agree” button, and that’s not a free choice.
PKWARE can help with your data privacy needs. Find out how with a free demo.