We can only predict what 2020 will bring for data privacy by taking a look at what we already know. Data privacy continues to be a hot topic because cyber-attacks are increasing in size, sophistication, and cost. The numerous attacks on personal and consumer data have raised privacy concerns around the world.
As a result, the EU’s GDPR (General Data Protection Regulation) had an important impact. Many states within the United States have since adopted their own privacy protection laws, such as the CCPA (California Consumer Privacy Act). We should expect more regulations and awareness in the future, as the U.S. currently is working to implement federal data privacy laws.
Now that the new year is upon us, let’s take a look at a few predictions that I have surrounding data privacy, and best practices for securing your data in 2020.
The Importance of Data Privacy
Data privacy is important to consumers because a breach of personal information can damage an individual’s fundamental rights and freedoms, including the risk of identity theft and other types of fraud. Data privacy concerns are also top of mind for organizations. Any unauthorized collection, careless processing, or poor protection of data can introduce multiple risks.
The main risk for organizations is failing to comply with security and privacy requirements. The result can mean steep fines, lawsuits, and other consequences. The CCPA, for example, grants the private right of action if a breach occurs and data was not encrypted or anonymized. GDPR fines can reach 20 million euros or 4 percent of a company’s global annual turnover for the preceding financial year. Authorities can even ban the business from processing personal data in the future.
These severe penalties for noncompliance may be the strongest driver for the rising privacy awareness among businesses. Businesses have to take privacy into account before they use an individual’s data. All organizations must implement security protections for healthcare records, financial data, and other personally identifiable information they process and store.
Apart from legal sanctions, enterprises face reputational risks if they fail to ensure data privacy protection. To maintain customer trust today, a company must demonstrate that data privacy is one of its core values. Indeed, while many businesses still view privacy policies as a set-and-forget legal routine, the consumer’s attitude has changed. According to PwC research, only 25 percent of consumers believe most companies handle their personal data responsibly.
Defending Data Against Tech Giants
The most interesting point for me is the tradeoff in which search engines and social media sites provide free functionality in exchange for all sorts of data about you. The data being collected tends to go way beyond the inherent use case of marketing research. If this information fell into the hands of a malicious actor, it could become worse than the dystopia of the book 1984.
What people still seem to assume is that they are anonymous among the masses. Yet big data techniques allow millions of people to be monitored at all times. Key actions or data points are derived from this aggressive data collection, and they can produce frightening results.
Commercial and state entities have the resources to combine credit card data, search data, location data, subscription information, entertainment choices, political views, and real-time behavior to create what can only be described as a surveillance engine to track millions of users’ actions and intents.
Granted, most commercial entities are watching for buying indicators, but state or malicious actors can watch for interactions with other people, gather conversations and video, and know your location and your most private actions and intentions. The main point I am making here is that you do not have to be targeted to be watched.
The technology has far surpassed our legal systems’ protections and is operating in an unregulated environment. The issue is real and inherent to all digital activities and user agreements today.
More Regulations and Awareness
It’s typically not until after a security breach is disclosed that users learn what can go wrong with their data. They may even start to wonder what will happen if their information gets into the wrong hands. That’s why new privacy laws will likely be implemented to empower users to better protect and control their data.
For example, the new California privacy law set to go into effect this month will allow consumers to instruct companies to delete their personal information and to opt out of having their private data shared. These new regulations will allow users to better control their data and who has access to it.
On the other hand, stricter regulations create a more complicated landscape for individuals to navigate. You will start to see more consent requests attached to any online data collection. Therefore, it is important to pay attention to what you are agreeing to when you click “consent.”
With these new privacy laws, the method and level of transparency that organizations use to collect and store user data will likely come under scrutiny, particularly as data breaches become public. The more data a company has on a user, the more insight criminals have to infiltrate their life and trick them into sharing more information through phishing tactics.
What is Coming with CCPA?
You may start to notice links or buttons at the bottom of the page, reading “Do Not Sell My Personal Information.” This change is one of many going into effect this month thanks to the new data privacy law known as the California Consumer Privacy Act.
This law essentially allows users to access the personal data that companies have collected on them, and have it deleted to prevent it from being sold to third parties. Since it is a lot more work to create a separate infrastructure just for California residents to opt out of the data collection industry, these requirements will transform the internet for everyone.
The CCPA will only apply to businesses that earn more than $25 million in gross revenue, that collect data on more than 50,000 people, or for which selling consumer data accounts for more than 50 percent of revenue.
GDPR began pushing back and updating Europeans’ outmoded legal privacy protections, but enforcement still lags. Culturally, companies are not operating with privacy in mind. CCPA is the first formal foray into updating the legal framework for privacy in the U.S. The CCPA will not produce immediate results.
The very business models that many companies rely upon are brazen exploitation of their users’ information. There is a robust market for selling and using that data in hundreds of ways that are not at all authorized or even known by users.
Data Privacy Best Practices
For the most part, to operate in a digital environment today, you are signing away your privacy by using any of these services. At this point, consumers seem to be choosing convenience and services over privacy, but that is mostly because of the intangible nature of the issue.
There is no immediate or direct consequence to giving up your privacy. The mass of data being collected about each individual is typically in the tens of thousands of data points. These points can and will be used to pre-determine your actions and beliefs.
Insecure behaviors at work are starting to become grounds for termination. At what point do businesses also incorporate the mass of consumer data to determine employability?
There is no excuse not to encrypt all data at all times, whether at rest or in motion. In fact, there is no reason not to encrypt both the device’s storage and data. Encryption solutions can be damaged or hacked, but just as most burglars look for unlocked doors, most cyber thieves look for unencrypted data.
To protect data in motion outside the firewall, use encryption via a virtual private network and device management to enforce all other desired policies. Encryption is also available for network traffic inside the corporate firewall.
Whether an enterprise limits employees to company-supplied endpoints or permits bring-your-own-device policies, every device that is allowed to access corporate networks and data should be managed with device management tools that enforce all corporate security policies.
Like the saying goes, “you’re only as strong as your weakest link.” In this case, you’re only as strong as your weakest protected access point. As with encryption, there are methods to spoof two-factor authentication that might work, but the cyber criminals typically go for the open endpoints.
There are many inexpensive enterprise password management tools that should be used at every business. These tools can be applied along with mandatory password expectations, password updates every 60-90 days, and two-factor authentication. Though many users have adopted password management tools for their own devices, they should also be mandated on every device that is authorized to access corporate data.
As biometric authentication services using fingerprints, retinal scans, and activity patterns become more widespread, stronger and more user-friendly two-factor authentication services are available. Also, never keep system IDs and passwords in unprotected text files.
Many organizations have changed their policies to comply with privacy regulation, which is a positive initial step, but if an organization cannot enforce the policy, then no data privacy benefits will be experienced.
This policy change is usually considered a records management task, but businesses must start managing existing data, while understanding that volumes of new data will be consistently generated.
2020 Is the Year for Better Data Privacy
With the new regulations empowering users to protect their data, it is finally time for better data privacy. Let LightEdge help you safely and securely store your data. Whether you are looking for a top-tier colocation service provider or a world-class hosting and cloud provider, LightEdge has got you covered.
LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services, including risk management, information security, audit preparedness, and support.
Our LightEdge facilities are more advanced than traditional data centers. We have created true Hybrid Solution Centers designed to offer a complete portfolio of high speed, secure, redundant, local cloud services and managed gateways to public clouds through our hardened facilities.
Customers turn to LightEdge to reduce the risk of non-compliance, to scale security, and for predictability and cost-effectiveness. LightEdge provides customers with an extended team of experienced engineers and helps to focus resources on agility and differentiation. Are you curious how your current provider stacks up? No two businesses are the same. At LightEdge, we work with you to find the right mix of control, security, and cost for your Cloud Hosting and IT service needs. Contact us today for your free security assessment.