As we enter autumn, the weather is turning stormier, and it seems to be a similar story in the world of data security.
We are nearing the sixth month post the GDPR; and I thought it would be interesting to follow-up on a November 2015 blog I wrote about the future arrival of this legislation to see what the impact has been and where things currently stand.
In that article, I referenced the disastrous impact on TalkTalk, the communications company, following a very public data breach but despite GDPR, things have not improved. Indeed, it seems that data breaches are becoming even more common – or perhaps there is just more interest in the subject. According to the Breach Level Index, a global database of public data breaches, there were 945 data breaches worldwide in the first 6 months of 2018, leading to 4.5 billion records being compromised – an astonishing 133% increase over 2017! Most recently, the Facebook data hack, which affected the personal information of at least 30 million users, has come to the fore.
From a personal perspective we've all been bombarded by GDPR-related activities as individuals. There was a plethora of pre-GDPR emails seeking our approval for retaining our personal details and we now have an ongoing click- storm every time we visit a new website asking us to confirm we are happy with how 'they' use our data and to what purposes it will be put. How many of us simply click "ACCEPT" rather than read the detail?
If you follow me on LinkedIn you'll know that I'm interested in the truth behind some of the claims made about the use of Artificial Intelligence in legal tech. Whilst researching a couple of GDPR-focused AI tools, a more fundamental and immediate issue was highlighted related to data security. Two AI solutions had 'intelligently reviewed' the data privacy policies of some global companies and suggested that they are not fully compliant with the GDPR.
The fact that such large organisations are (allegedly) failing to tick all the GDPR boxes, serves to remind us of the enormity of our data security responsibilities and that it's virtually impossible to get everything right.
We know that the Information Commissioner's Office (ICO) is taking a pragmatic approach to policing data security, but whilst the UK Information Commissioner, Elizabeth Denham, has stated that "enforcement will be a last resort" she also identified that any breaches "will have a significant impact on companies' reputation and, ultimately, their bottom line". So, whilst there may not be immediate financial penalties, it's almost certain that any affected brand will suffer. It therefore makes sense to take advantage of any quick wins that allow you to show the ICO that you are taking your data security responsibilities seriously; not to mention giving your clients some comfort that their personal data is safe.
So, it's a timely reminder about the various data security elements that we have introduced into the recent versions of Visualfiles. Referring back to the Data Breach Index, it states that of the billions of data breaches, "only 4% were 'secure breaches' where encryption was used, and the stolen data was useless". We have solutions that allow you to securely encrypt your data, use flexible tools to search or mask copies of your data, install workflow solutions to improve your risk and compliance capabilities or 'education engagements' to help you understand how to use Visualfiles more securely and effectively.
If you would like to find out more about our data security options, please get in touch with your account manager.
- https://www.breachlevelindex.com/
- https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/04/data-protection-practitioners-conference-2018-ed/
- https://privacypolicycheck.ai/
- https://www.linkedin.com/in/nigelwilliamspm/