Data privacy is no longer an option – it’s a requirement. And in honor of this clear requirement to strengthen security efforts, today marks the annually held international effort known as Data Privacy Day – led by the National Cyber Security Alliance (NCSA). For those who may not be familiar, the NCSA is a nonprofit public-private partnership dedicated to promoting a safer, more secure and trusted Internet.
For enterprises, regulatory compliance initiatives, large-scale data breaches, protecting intellectual property and maintaining brand reputation are driving IT departments in every industry to adopt data-level controls for all sensitive information.
In the spirit of Data Privacy Day, and for your reading pleasure, we’ve assembled reflections from several Vormetric executives on current developments in data privacy. As you read, we encourage you to share your thoughts with us in the comments section below, or feel free to tweet us @Vormetric.
Alan Kessler, CEO and President on the Safe Harbor Decision
In 2015, one of the most notable and longest-standing data privacy agreements was overturned by the European Union. The agreement – known as “Safe Harbor” – was a treaty between the EU and U.S. government, which allowed any U.S. entity complying with its principles to be certified. Once certified, these entities were permitted to process personal data which had been transferred from Europe.
The European Court of Justice’s decision to strike down Safe Harbor puts power back in the hands of EU member countries and opens the door to much tougher and more restrictive data security regulations. Although it wasn’t a surprise, this is still an extraordinary ruling given the agreement has governed data flow between the U.S. and EU for some fifteen years.
In light of the Safe Harbor Decision, in 2016 security executives must take the time to understand the data residency conundrum, do their due diligence in researching encryption solutions that best fit their needs and deploy solutions that allow their companies to stay both compliant and safe. This will require time and patience – two words C-level executives aren’t fond of. But the potential ramifications that have historically stemmed from cutting corners absolutely aren’t worth any type of perceived short-term benefits.
Once upon a time, cybersecurity was rarely discussed and we paid mild attention to the content we shared online. However, large-scale breaches like those at Target, Anthem and Home Depot opened Americans’ eyes to the information we release in the cyber world – even Obama spoke to the need to balance American safety with privacy. Apple also increased security so that only the user could unlock data. Other popular messaging services followed in Apple’s footsteps by encrypting user devices.
While tech companies embraced encryption, some government officials started seeking the right to use secret keys to track terrorists and other criminals. They felt encryption could render information government officials claim is vital to national security invisible. And while the government’s reasoning for creating a backdoor is sound, opening a door for the government means that same door is open for hackers.
Regardless of how you feel about the topic, there are some things we all should have learned. Far more users are being impacted by businesses not encrypting data than they are by the government not having access to their data. While a backdoor to encryption might help identify the run-of-the-mill perpetrator, it is not going to stop the truly dangerous people.
With the ever-increasing list of high-profile data breaches coupled with multiple uneven local data protection regulations in Europe, it comes as no surprise that a single EU-wide regulation, the General Data Protection Regulation (GDPR), was agreed upon on 15 December, subject to final endorsement by both the European Parliament and EU member states.
Severe fines of up to four per cent of global turnover for non-compliance and a change in scope brought about by the GDPR ensure that there will be legislation in place that is relevant to the new cloud, mobile, social, and collaborative era of business. Hopefully this means that, finally, organisations will be forced to get their security in order and sensitive data will be made safer through encryption with access control.
Time is ticking away and the sooner companies start understanding and implementing adequate security measures and transparent data encryption, the sooner customers’ minds can be put at rest, knowing that necessary precautions are being taken to keep their personal information out of the wrong hands. The GDPR is a step in the right direction and will hopefully bring about a much-needed wake-up call to organisations currently sleeping on essential security requirements.