[BreachExchange] Data is fast becoming more valuable than gold

Audrey McNeil audrey at riskbasedsecurity.com
Tue Apr 17 18:49:38 EDT 2018


http://www.cityam.com/284106/data-fast-becoming-more-valuable-than-gold

Data is the new gold, but we do not value this precious commodity, giving
our data away too freely.

Data protection is the new hot topic. On 25 May 2018, data protection laws
are undergoing radical reform.

The EU’s General Data Protection Regulation (GDPR) will shake up the
imbalance of power which organisations have over individuals and their data.
You only need to look at the Facebook and Cambridge Analytica scandal to
realise people are finally waking up, with concerns about how their
personal data is being used.

But individuals need to take responsibility. We use sites all the time
expecting no cost, and adverts regularly pop up which closely mirror our
searches on unrelated sites.

We think we cannot be manipulated. But in the age of technology, the
ability to analyse patterns means that organisations know us better than we
know ourselves, and we are at risk of being exploited.

Headlines about the GDPR make tough reading for organisations. Maximum
fines for data breaches will increase from £500,000 (under the Data
Protection Act) to €20m, or four per cent of an organisation’s global
annual turnover (whichever is higher).

Recent high-profile fines by the Information Commissioner’s Office include
£400,000 to both Carphone Warehouse in January 2018 and TalkTalk in 2016,
after customers’ data was hacked.

Data security is now pivotal. Data breaches can occur either externally or
internally, and safeguards are needed to protect IT systems which hold
personal data.

The GDPR enhances individuals’ rights over their data. It introduces new
rights (such as the right to have personal data removed or amended), as well
as strengthening existing rights.

Where individuals consent to their data being processed, they may later
challenge any processing and withdraw their consent.

It must be as easy to withdraw as it was to give. But individuals need to
carefully consider the consent they are giving and be aware of the risk.

All of us must be mindful of what we are putting out in the public domain,
as the ability to analyse swathes of information from various sources is
the real gold mine.

If businesses have lawful grounds to process personal data, these must be
made clear to individuals before the data is processed.

While the days of secretly gathering information for an organisation’s own
means are supposedly coming to an end, that is unrealistic, as the
capabilities of technology and malignant forces mean there will always be
risks.

Unless there is a global code of protection, transferring data overseas
will become more challenging.

The GDPR sets the benchmark, and will generally require data that is
transferred outside the EU to have adequate levels of local data
protection. The UK is currently drafting a new Data Protection Bill to
largely mirror the GDPR for this purpose.

The GDPR places severe financial sanctions on organisations who fail to
comply. The reputational damage for major breaches could be even more
costly. While it is not too late, organisations that have not yet
considered GDPR need to wake up and act fast.