Data Privacy Laws – Getting Secure
Why are hackers after your data? You can only accord something the required security if you know its value. This knowledge will help you get your network security priorities right as you build your cybersecurity defenses. While most organizations put all efforts in safeguarding the most sensitive data in their custody, hackers are also interested in what you may not imagine. A risk analysis helps to identify specifics and using a risk management plan can aid you in accounting for and addressing each ranked threat.
Most people or system users are aware that personal data is always under threat. If your organization handles such information, it is crucial to employ stringent cybersecurity measures for data protection. Most people assume that invaders are only after crucial information like pins, passwords, bank details, credit card numbers, social security numbers, among others, to use in financial theft. The fact is that less common information like an individual’s favorite pet name, parent’s full names, place of birth, schools attended, and favorite teams are equally sought after by hackers. Such information may help intruders access people’s accounts.
Personal data in the wrong hands can be used for spam, scams, and data mining, apart from the apparent financial theft.
Recent FBI reports indicate healthcare information is a thriving business among criminals as a single record fetches about $50. Though not often thought as of interest to hackers, health information is valuable to intruders just like personal data and trade secrets. It is more lucrative than the selling of social security numbers. If you collect, handle, or keep employee or client healthcare information, ensure the data is secured with the latest security protocols.
Your business blueprint: business plans, business methods, business markets, marketing plans, marketing analysis, and other operational details are deep secrets and of interest to your competitors. Hackers would love to get the information and make a kill by selling to them. While employing cybersecurity strategies and plans to safeguard threats from external intruders, consider internal enemies. Employees can pose a danger as well if the data falls in the wrong hands. Your security measures should safeguard the company business blueprint from all possible threats.
All Your Data
Ransomware is a common threat to organizations and businesses. Here, hackers hold all your data ransom for exorbitant fees via encryption. Keep your version of encrypted data regularly, both offline and online. Off-site back up are crucial as they offer a seamless way to recover in case of an attack, which is an indication of an effective cybersecurity strategy.
Once aware of what the intruder is after, you can find ways to safeguard it adequately. Data security is a primary concern among organizations across the globe. In 2018, hackers made some of the boldest and most scary attacks in cyberspace history. British Airways hacking affected bookings made on the airplane’s app and site. 380,000 users and cards were affected on the two weeks attack. Between Jan 2016 and December 2017, hackers accessed Orbitz travel bookings affecting about 880,000 users. Another major attack on SingHealth affected 1.5 million people, and Marriot Starwood Hotels also fell victim to hackers, where 500 million people were affected.
All these attacks, and many more not mentioned, is any institutions nightmare. Such incidences have shown the need to have data privacy laws. In recent years, states have made remarkable developments in the implementation of data security measures. For example, after a two-year implementation period, the GDPR took effect. Here are some of these significant achievements:
CCPA- California Consumer Privacy Act
In 2018, California passed the CCPA act, which is the first of its kind, to take effect from 1st January 2020.
California Consumer Privacy Act applies to every establishment that collects California resident’s personal data, whether employees or customers to meet the set threshold. This is regardless of the location. One of the requirements is that the company should collect about 50,000 consumers personal data annually. Considering that the IP address is personal information, the threshold is low. The other requirement is $25 million in annual revenue. A business that operates websites will meet the former threshold with ease, even though they miss the later.
Through this law, residents of California enjoy privacy rights like the right to know how a business collects and handles your personal information, rights to access and deletion, right to opt out of ‘sale’ of personal data, among others.
GDPR- General Data Protection Regulation
The EU set the pace by effecting GDPR, and most of the member states are introducing laws that protect data at local levels, to supplement the baseline position under GDPR. Germany and Spain took the law further beyond the specific derogation areas.
Other Global Developments
Bosnia, Ukraine, North Macedonia, Malaysia, and Monaco are in the process of passing their data protection laws to align to GDPR. In Hong Kong, the New Ethical Accountability Framework urges establishments within Hong Kong to take privacy impact assessments that are like the requirements under GDPR. Brazil’s General Data Protection Law is set to take effect in 2020. This law, like the GDPR, applies outside the country’s territory. Though data threats are on the increase, countries are becoming aware and putting to effect data privacy across the globe; which is ultimately a good thing for everyone.
Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.