When thinking about Data Protection, it is difficult to think of this topic without automatically thinking about the technology that we use to process information. Everything from the collection, storage and sharing of information has been made possible by technology. And 'technology' has changed. It isn't just the home or work computer we use; it's the mobile phone, the tablet and it's also a plethora of other devices, such as CCTV, building access control, heating and ventilation systems. We carry devices which report on our heart rates, exercise patterns and sleeping habits. Even our cars have been described as 'computers on wheels', as they monitor engine performance, and track our driving styles.
Our digital universe is therefore no longer 'out there', we are living in it and we seem to have accepted this situation without any real consideration of the downside.
The downside of course is the ongoing risk of becoming a victim of cybercrime or suffering a data breach, and as we increasingly depend on our digital universe to survive, the likelihood of falling-foul of these risks is also increasing.
So, what should we do?
Clearly the role of the technology vendor (supplier) is to ensure their devices/systems are designed in a secure manner. To this end, the new General Data Protection Regulations (GDPR), which comes into force in May 2018 outlines what is required in "Data protection by design and by default" (Article 25). Vendors have a responsibility to consider how technology could be used in a negative context, and should put in controls to reduce the risks. A simple example here would be manufactures of 'Wifi' enabled devices requiring passwords to be changed on first use. Vendors have a big part to play in data protection. But the story doesn't end there.
The customers' role
Increasingly vendors recognise the importance of data protection and cyber security, and they have put in place steps to ensure security is maintained. However, as customers (aka consumers), we are often impatient and irritated by these controls, and subsequently disable security features or don't heed the requests of vendors, who might suggest "change your password on first use. Here's how...". As customers, we often place convenience over security, and this is leaving us vulnerable.
So what needs to happen?
Both vendors and customers have a job to do. They both must take responsibility for good data protection and cyber security, but I feel the customer has the biggest journey to make. Vendors recognise that they have an obligation to protect their customers, so they offer the tools to enable the customer to do so. However, if the customer fails to take these measures they are leaving themselves vulnerable and cannot blame the vendor. This is akin to driving recklessly and then blaming the car manufacturer because you had an accident. Using technology in a reckless manner may not result in a loss of life-or-limb, but it can hurt. Both vendors and customers have a role to play, so let's hope both begin to understand the important parts they have to play.