Enhanced Privacy as a result of strong Cybersecurity
Cyber Security Awareness Month has been observed annually in October since 2004. Its aim has been to highlight the importance of cybersecurity and help individuals protect themselves and their information, especially given the frequency and intensity of online threats. While Cybersecurity Awareness Month originated in the US, it has naturally gained traction around the world, since cyber-attacks are not confined to any physical space.
However, cybersecurity continues to gain traction for a reason: the monumental intensity and frequency of breaches today and the personal liability that comes with them. Not only is personal data compromised, but the repercussions will be faced by the CISOs and data security professionals in question. Such was the case of Joe Sullivan, the former head of security for Uber, who was charged with obstruction of justice and witness tampering for hiding a data breach from the relevant authorities. He now faces up to 8 years in prison. This case highlights the enormous weight that cybersecurity, its implementation, and its effects carry.
The campaign theme for this year, as highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), is ‘See yourself in Cyber’, wherein the emphasis is placed on people themselves, giving people a sense of power and accountability over their data and online presence. Further, the theme calls on the people within the privacy and security industry to bring about operational changes and work towards protecting the infrastructure on which the world today runs.
Why is cybersecurity vital
Cybersecurity is gaining importance for several reasons. To start with, there is little predictability with cyber-attacks, whether we are talking about malware, phishing, or thefts and scams. These attacks do not discriminate between MNCs and smaller enterprises, or organizations from one continent over the next.
Secondly, there is a surge in the collection, processing, analysis, and sharing of personal and sensitive information. These processes, if not done correctly and in compliance with the required regulations, are vulnerable to attacks. The repercussions have the potential to be very damaging, unsafe, and intrusive. Moreover, dealing with the aftermath of a cyber-attack and rectifying the mistakes behind it is financially costly, time-consuming, and arduous, and can shatter the reputation of and the trust placed in organizations, both of which can be costly in turn. On top of that, if the cyber-attack causes a personal data breach, the organization will face certain obligations and enforcement.
Intersection of Privacy and Security
GDPR defines a personal data breach as a breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed. Similarly, under CCPA, the fundamental definition of a data breach is the unauthorized access and exfiltration, theft, or disclosure of personal information. GDPR and US federal and state laws mandate data breach notification requirements. The FTC has brought legal actions against organizations that have violated consumers’ privacy rights, misled them by failing to maintain security for sensitive consumer information, or caused substantial consumer injury. The CCPA also allows consumers to bring a private legal case against a business in the event of a data breach.
Efficient security furthers privacy efforts immeasurably. Privacy, as we know, is much more than a key factor in the success of businesses today. Today’s data-driven world calls for privacy to be stitched into the fabric of the business as the default setting. This requirement has led to the creation of the concept of Privacy by design. This is a relatively new approach that takes a proactive stance, as compared to the more commonly utilized reactive stance. This is achieved by incorporating data privacy protection measures into systems, products, and services by default.
The concept covers 7 fundamental principles, which are:
1. Proactive not reactive; preventive not remedial
2. Privacy as the default setting
3. Privacy embedded into design
4. Full functionality – Positive-sum not zero-sum
5. End-to-end security – Lifecycle protection
6. Visibility and transparency – keep it open
7. Respect for user privacy – keep it user-centric
Managing data effectively throughout its lifecycle in a Privacy by design environment means that, right from its collection to its eventual destruction (according to the legal requirements), the data will be in compliance with the regulations and be stored and processed in a secure manner at every step. Privacy, being the key factor that it is, is dependent on efficient security, which can be understood as a subset of the former. One cannot have privacy without security. While the two can conflict with each other, privacy is not possible unless security is achieved.
How Security and Privacy can work together
There are several ways in which organizational security can be improved. Effectively, there are tools that improve security and privacy at the same time, letting the positive effects of heightened security strengthen the privacy program.
Building robust tools and processes to develop and maintain a detailed DataMap and practicing data minimization not only tackle the immediate and high-liability security challenges but simultaneously build stronger and scalable privacy programs for the long run.
Data mapping involves tracking data and its processes across the organization. It requires a detailed and curated understanding of how the data is collected, how it is classified and stored, and how it moves within and outside the organization. Having such an extensive understanding of and control over the data allows the organization to implement privacy protection measures at every level and ensure appropriate access and accountability. Another notable benefit of a robust data map is its ability to track and subsequently manage risks around data and data flows.
Embracing data minimization, one of the most important tools in the toolbox for privacy and security, shows an organization’s commitment to privacy. Furthermore, the value of data diminishes with time. Deleting obsolete data on a regular basis will ensure the availability of current and accurate data for analytics.
Incorporating robust security measures has benefits that reach all aspects of a business, including a strengthened and effective privacy program. Meru Data’s solutions include everything from a scalable data lifecycle management program to comprehensive data mapping to intensive PIAs. This Cybersecurity Awareness Month, invest in efficient security measures and witness the benefits to your overall privacy efforts.