External hackers and insider threats. Customer expectations and government mandates.
Data protection is a complex challenge, and it demands attention at every level of an organization. PKWARE's in-house experts are here to help you stay up to date on best practices, emerging trends, and new resources for enterprise data security.
The last two years have been challenging ones for organizations that do business in the UK. Last spring, when the UK was still part of the EU, the European Parliament adopted the General Data Protection Regulation, marking a fundamental shift in Europe's rules for collecting and processing personal data. Just two months later, UK voters passed the Brexit referendum, leaving companies and individuals in confusion as to which data protection laws would apply.
Now, with the recently-announced Data Protection Bill, the UK government is taking steps to define the country's post-Brexit approach to data protection. As expected, the new law will implement most of the GDPR's provisions regarding individual rights and corporate responsibilities. However, the UK will deviate from the GDPR in at least a few areas, potentially creating a second set of requirements for companies that operate both in the UK and on the continent.
These are exciting days at PKWARE.
On July 11, we launched Smartcrypt Data Discovery, one of our most significant product releases in recent history. With this enhancement, our already-unique Smartcrypt platform now lets customers take an entirely new approach to protecting their sensitive data.
Even as data breaches go, this one was ugly.
Deep Root Analytics, a data analysis firm hired by the Republican National Committee to profile voters during the 2016 presidential campaign, left sensitive information on nearly 200 million American citizens on an unsecured web server. The data—more than a terabyte in all—included potential voters’ home addresses, phone numbers, and birthdates, as well as details on their religious preferences and ethnic backgrounds. Anyone with the URL for the server could download the files without needing to enter so much as a password.
A complicated—and ultimately unnecessary—lawsuit is winding its way through the California courts this year, as Waymo and Uber clash over stolen trade secrets. Here are a couple of undisputed facts: a Waymo employee stole 14,000 documents from Waymo servers pertaining to self-driving car technologies, and Uber hired the former Waymo employee. Now Waymo accuses Uber of using those stolen documents, and wants the courts to shut down its self-driving car research. Unfortunately for Waymo, the courts ruled that the stolen documents don’t meet the standards for trade secrets—and that Uber can keep moving forward on self-driving car research.
Before it has funding, a marketing campaign, customers, or even an office, a startup has one all-important asset: information. In fact, you could say that every startup begins its existence as information itself, in the form of a codebase, a blueprint, a business plan, or some other form of intellectual property. As a company grows, it will collect vast amounts of new information in a variety of forms—customer data, transaction records, plans for additional products—all of which are critical to its survival and success.
Unfortunately, few startups recognize just how much protection their data requires. A strategy based on network and device security, no matter how sophisticated it might be, simply isn’t enough to keep data secure. Companies that fail to encrypt their data are taking an unnecessary risk that can rob them of their ability to grow and compete.
After months of delays, the Trump administration has issued its first executive order on cybersecurity, signaling the direction that the federal government’s new strategy will take. The order addresses three broad topics: the security of federal networks, protections for critical infrastructure, and cybersecurity for the general public. Among its calls to replace outdated technology and to create a more capable cybersecurity workforce, the order contains one directive that will make an immediate difference in how the government manages its cybersecurity programs.
Data protection is no longer the domain of the IT manager.
Enterprise organizations are dealing with larger data volumes, more data-dependent business models, and more unpredictable cyber threats than ever before. These pressures, along with new regulations passed in response to them, have moved the conversation about data protection from the IT department to the boardroom. One of the most visible signs of this shift is the emergence of a new role at corporations and government agencies: the data protection officer.
When it rains, it pours.
After the European Commission adopted the GDPR in April 2016, businesses around the world scrambled to make sense of the new data security law and the obligations it imposed. And then, less than two months later, came the Brexit referendum and the UK’s decision to leave the EU.
Organizations who hadn’t yet come to terms with the GDPR were suddenly faced with the prospect of creating not one, but two new data protection strategies—one to meet the EU regulations, and another to comply with whatever rules would apply in the UK after its exit from the EU was complete. It was hardly surprising when companies in North America and elsewhere began to consider leaving the European market entirely, rather than dealing with the complexity and uncertainly that the legal developments had created.