Data Privacy Day is an annual international effort to raise awareness around the importance of respecting privacy, safeguarding data and enabling trust.
With this year’s event taking place last week, we spoke to some industry experts in order to get their thoughts on how businesses and consumers can keep themselves safe in the current climate. Here’s what they had to say:
Simon Marchand, Chief Fraud Prevention Officer at Nuance
Data Privacy Day acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially during this time of crisis. In fact, with the current, necessary shift towards remote working – it has never been more important to look to experienced security and fraud solutions providers that demonstrate a strong track record of protection against cyber threats to security.
The sad truth is that fraudsters don’t stop their crimes because of a pandemic. In fact, they often seize the immense change that comes with an event like this to ramp up their activity – targeting individuals and businesses whilst they are at their most vulnerable and least protected in order to manipulate their data and steal their personal information.
Whilst there is not and never will be one single silver bullet for fighting fraud, biometrics is a proven, effective authentication factor and fraud prevention tool. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are.
With voice biometrics able to leverage more than 1000 unique speech characteristics – from pronunciation to size and shape of your nasal passage – and behavioural biometrics measuring minute details – such as how a person holds their phone or even how they pause once they finish a task – systems that incorporate them are considerably less susceptible to hacking.
When it comes to fraud, prevention is always better than a cure. In today’s landscape consumers are more aware than ever of the importance of protecting their own information, and they will hold accountable the organisations that don’t do enough to protect the information they share with them. Without question, businesses need to be one step ahead and education around the most effective security solutions – like biometrics – is key.
Nigel Hawthorn, data privacy expert, McAfee
“Our previous research found that 40% of large UK businesses expect to be cloud-only by the end of this year. This number is expected to accelerate because of the pandemic, which significantly increased the number of people working from home and as a result, the adoption of the cloud. With an increasing reliance on the cloud, companies need to ensure that they have complete visibility and control over data regardless of where it is, even when employees are using the same devices and services for both their business and personal lives.
“Businesses must also recognise that cybersecurity and data privacy compliance is not a cost – it’s an investment to not only protect against attacks but also enable greater innovation, resiliency and business growth. Recent statistics show that a total of €272m has been levied in fines by European data protection authorities since the introduction of the GDPR in 2018, with the majority of these fines issued in the last 12 months. Across the EU, the GDPR framework serves as a driver for organisations to revisit their current processes and take full responsibility for processing and storing personal data. Now the UK has left the European Union, it is important to remember that their legal responsibility around data privacy doesn’t go away. The UK government passed the Data Protection Act 2018 to provide an equivalent law to GDPR. As we step into the new year, we will continue to see a rise in the amount of data stored in the cloud and a clear focus on regulations which put internet users – and their data – first.”
Paul Wright, Managing Director, AppsFlyer UK, FR, ME & Turkey
“Data Protection Day is particularly notable for the mobile advertising industry this year, falling amid calls for more stringent consumer data privacy regulations and pending changes to advertising platforms, including Apple’s new IDFA rules. The iOS 14 update will have a significant impact on the industry, as its new App Tracking Transparency (ATT) framework will prompt users to opt-in or, more likely, out of data sharing. In doing so, it threatens to weaken the targeted advertising models that advertisers have come to rely on.
“In 2021, protecting consumers’ privacy and ensuring they have full control and ownership over their data that is collected and shared must be a priority. The latest developments will help to build trust and transparency between users, marketers and advertising platforms, if advertisers also adapt to a rapidly changing mobile ecosystem that increasingly prioritises data protection over reporting and sharing data. It’s imperative for marketers to ensure they adopt app solutions that comply with iOS end user privacy requirements while taking proactive steps to achieve continued success in mobile advertising.”
Charles Southwood, Regional VP – Northern Europe and MEA at Denodo
“Over the last year, every business – regardless of size or sector – has faced challenges and needed to adapt in order to survive. With more interactions than ever before currently taking place digitally and the threat landscape continuing to grow, protecting personal data has never been more important or more challenging. This year’s Data Privacy Day provides us not only with a chance to reflect on how far we’ve come, but also to look forward to how we can improve in the future.
“Since the introduction of the EU’s General Data Protection Regulation (GDPR) in 2018, we have seen many organisations continue to struggle to ensure the simple and transparent management of personal data. One of the main hurdles they face is that this data is usually distributed in different and separated repositories throughout an organisation.
“This is where modern technologies – like data virtualisation – can help. By providing easy and complete access to all repositories, through a single information layer, data virtualisation ensures that data can be traced and audited in real time, no matter where it is stored and without the need for duplication. It facilitates compliance with current legislation whilst enabling organisations to protect their most valuable asset: their data.”
Petter Nylander, CEO at Besedo
“After a year when digital services have played a more crucial role in our daily lives than ever, Data Privacy Day is a timely reminder that online service providers have a responsibility to keep their users safe, as well as connected and productive. There is room to improve how data is handled: although it’s been more than two years since its implementation, fines levied under the GDPR increased by 40% last year as companies work to meet its principles of responsibility and transparency.
“As users look more closely at the behaviour and policies of services they have started using – or started using more – over the last year, it is on companies to implement and clearly communicate systems which guarantee users’ privacy. While the regulatory risks are growing, the potential reputational damage as a result of a privacy breach may be even more significant: many companies will be relying on retaining the customer base they have built up recently, and a breach can make that impossible. Over the next year, we should expect to see a consolidation of focus among online businesses and a reprioritisation of user privacy and safety.
“Using automated systems which provide a backstop defence of users’ privacy – such as warning people when sharing Personally Identifiable Information – can clearly signal that safety is a key consideration in the company’s attitude. Businesses should also take great care to ensure that their partners and vendors have both appropriate policies in place and the technological capability to fulfil those policies. While expertise on privacy can be outsourced, ultimate responsibility for it cannot.”
Peter Lefkowitz, chief privacy and digital risk officer at Citrix
“This Data Privacy Day, there are a few clear themes we are compelled to consider: the effects of a remote work environment on system and data security, and how to provide a secure work environment while respecting the constraints of the pandemic.
“As a result of the abrupt shift to remote working over the past twelve months, sensitive data now exists outside of offices – specifically, in workers’ homes and on their personal devices, traversing untrusted networks and unsanctioned, or at least untrusted, cloud services. Yet unfortunately, most enterprise policies are designed to protect data and apply physical and technical safeguards within the enterprise, not the minimum-security environment of workers’ homes.
“To address the problem, organisations must evolve their capabilities beyond the current model of controlling sensitive data distribution, which is heavily dependent on access rights, workers’ actions (or inactions), and flagging compliance-impacting events after they’ve happened. And with IoT and analytics expanding our concept of sensitive data – by type, volume, depth and meaning – the need for a more encompassing approach is more urgent than ever.
“By applying risk-based protection and security analytics, organisations can tailor access to different files and systems based on where somebody is and how they’re working. This should, as always, be coupled with focus on the basics, including minimising collection, minimising data where possible, and managing user personas and credentials. In adapting their policies to accommodate a remote work model – which likely isn’t going away anytime soon – security and privacy leaders can help to secure the enterprise and ensure their systems, personal and other data, and workforce remain safe.”
Paul Farrington, EMEA CTO, Veracode
“Data protection takes on new challenges in 2021 with the rapid adoption of new technologies such as containers, microservices, and serverless functions. These technologies offer major business benefits in terms of automation, cost and scale, as well as rendering the logic to build and configure infrastructure as code (IaC). As IaC becomes the norm, infrastructure becomes immutable, paving the way for greater consistency, reliability and predictability.
“While IaC makes it easier to develop apps, businesses need to be wary of potential security risks associated with IaC and not assume these new technologies are secured as standard by the vendors that provide them. To ensure data is protected, businesses must prioritise application security regardless of the infrastructure on which their apps are built. Since the introduction of GDPR in 2018, a reported total of €272m has been levied in fines by European data protection authorities. These fines have the potential to increase as the number of ways to violate the data protection rules multiply, so employing secure coding best practices from the outset is paramount.”
Andy Teichholz, senior industry strategist, compliance and legal, OpenText:
“In our new digital economy, people around the world are becoming acutely aware of how their information is being collected, stored, and used. The GDPR ushered in a new paradigm that elevated awareness about the importance of privacy and the exploitation of data. Some of the largest countries around the world have responded by enacting or augmenting their privacy protections to closely mirror the GDPR. We see this in Brazil and recently in California through the recent passage of the California Privacy Rights Act (CPRA). Other countries are on their way too. Steps are being taken in Canada, China, and India to potentially modernize and augment their data privacy rights and protections.
“With stricter data privacy enforcement and consumers empowered to act on their rights, companies must be prepared to deploy technology and aggressively operationalize their data privacy programs to meet the most stringent standards. Beyond potential fines, any organisation that fails to comply with data privacy laws risks breaking trust with their customers. By investing in comprehensive privacy management capabilities underpinned by information governance and automation, organisations can achieve data protection by design and default – satisfying regulatory requirements, avoiding non-compliance penalties and more importantly, maintaining customer trust.”
Keith Glancey, Systems Engineering Manager at Infoblox:
“Data privacy has changed dramatically over the last few years. Starting with the implementation of GDPR in 2018, new regulations have codified the responsibility of companies to provide adequate protection to their customers. Data privacy is now a human issue and losing customers’ trust and loyalty can result in significant damage to organisations.
“Where things really got interesting was the overnight shift towards remote-working in 2020. This new requirement forced the network perimeter to expand as it accommodated the explosion of devices connecting to a corporate network. With this come significant security issues, from Shadow IT to staff using vulnerable home Wi-Fi networks, that open up the drawbridge for attackers to do anything from stealing sensitive data to taking down hospital networks.
“As we approach Data Privacy Day after what has been an unprecedented 12 months in the cybersecurity realm, companies need to be considering how they can leverage their existing technology to increase their security posture. With solutions such as DDI (DNS, DHCP and IPAM), companies can use a technology they already implemented (for devices to communicate with each other) to glean enhanced insight into network activities, and ultimately provide a much stronger data privacy offering.
“We also remind ourselves of the work that IT and security teams do every day to help protect companies and individuals from attackers. Investing in sound security solutions will be key in helping these teams to continue to better protect us all.”
Matias Madou, CEO and co-founder at Secure Code Warrior:
“Data privacy gets a lot of attention these days, and rightfully so. From GDPR to CCPA, regulatory frameworks have made it impossible for businesses to ignore the importance of protecting customer data. Whilst these regulations set out the basic requirements for organisations when it comes to data protection, they don’t necessarily address the root cause of the problem – that many breaches occur due to vulnerable code.
“This Data Privacy Day is one like no other. Organisations have faced unprecedented levels of cybercrime in the past year, from attacks targeting highly valuable vaccine data to taking advantage of the increased vulnerabilities brought on by remote-working. For many organisations, budgets are tight but risk levels are growing exponentially, so it’s important they focus on preventing security risk from the outset.
“A 2019 study found that, out of 32 web applications, 82% of vulnerabilities were located in the application code itself. That’s a lot of risk that can be mitigated by creating secure code in the first place. This is why teaching developers how to code securely from the outset is crucial in the fight to protect customer data.
“The most successful way to do this is through hyper-relevant and developer-centric learning platforms, which are integrated into developers’ day-to-day tasks. This helps not just fix existing problems but gives them the skills to code securely in the future, creating a more robust data security posture for customers and society at large.”