Industry reactions to Data Privacy Day 2019
The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Privacy Day is observed annually on Jan. 28.
Cindy Provin, CEO, nCipher Security
These high profile policy developments are sending a signal that the days of using personal data for commercial advantage without offering consumers some level of transparency are waning.
It’s time for technology companies to become vigilant about building consumer trust, both because regulators are watching and because consumers are increasingly invested in how their data is being used. Ultimately, it’s a smart business strategy. Trust takes years to build but only an instant to destroy.
Andrew Filev, CEO, Wrike
Trying to maintain your privacy online is a little bit like trying to maintain a healthy diet. Everyone has opinions about what the biggest risks are, and conflicting approaches to mitigating them. The way that we work is changing and as a result, so are security risks. Today’s workforce is increasingly mobile, remote and connected to work through the cloud and devices – so your security measures should reflect that.
Ever noticed someone peering over at your phone screen or newspaper when on the tube? Most people look over their shoulder when at an ATM to protect their pin and the same threat exists when you’re sitting in a cafe, shared workspace, or on public transport. Despite its simplicity, a privacy screen that stops wandering eyes from viewing your screen should not be overlooked as a critical piece of the puzzle in protecting your personal data and the data of your employer, clients, or partners. Some apps even have built in blurring features to hide information within them.
Think about it – most apps use your email account to verify your identity. That means if someone can access that account, they have everything they need to reset passwords for your banking, cloud, and even enterprise apps you use at work. Two-factor Authentication (2FA) puts an extra layer of security between your data and would-be threats, to help ensure only you can access it. It’s critical to use 2FA when available on all of your apps to prevent a breach of one app spreading to others. Unfortunately, according to Google engineer Grzegorz Milka, less than 10 percent of Gmail users use 2FA as of 2018.
When you’re collaborating with people outside your organization, convenience may tempt you to store a document in the cloud and turn on link-sharing to give them access. I strongly recommend resisting this temptation. Instead, keep files password protected with the ability to revoke access and in a platform that provides a record of who has accessed it and when.
Rusty Carter, Vice President, Product Management, Arxan
Data privacy has been in the news a lot lately, from the EU’s General Data Protection Regulation (GDPR) to California’s Consumer Privacy Act (CCPA) – but do these laws do enough to actually protect consumers? In short, no. The new privacy legislation still isn’t doing enough because there’s very little that’s explicit about data security, using vague language defining ‘reasonable security’ and opening the door for confusion and misinterpretations. You really can’t have privacy without security.
As we’re seeing, user credentials are already for sale on the Dark Web. From the dozens of large breaches we saw in 2018, we’ve learned that many enterprise backend systems and databases are vulnerable because of the applications accessing them. Companies can’t simply protect their networks to keep consumers safe, they must also implement strategies that include strong detection and reporting of the health and status of applications both inside and outside of their networks. Consumers need to increase their concerns and expectations of vendors around security; and security vendors must adopt a security by design (and by default) approach for the end-to-end data journey.
Protecting data doesn’t just fall on a company’s shoulders either – legislators play a critical role too. Laws must provide specific penalties for data protection violations, similar to what the EU enacted last year. France recently fined Google $57 million for a European privacy rule breach, resulting in Google’s largest penalty ever. Suddenly we’re putting a real price tag on data protection, or least trying to do so. The U.S. needs to create similar privacy laws to help protect consumers. CCPA is a good first step, but augmenting it with specific penalties will force compliance. Compliance will inevitably force protection which will lead to both security and safety.
Simon Harman, Project Lead, Loki
Digital privacy is the responsibility of the individual. Each one of us has the power to signal to companies that we are concerned about our privacy through our choices online. Through the usage of common security techniques, such as VPNs, SSL encryption, and 2FA, whilst also limiting the amount of information we put up on websites and social media applications, we can greatly reduce the chances of being negatively impacted by hacks, or being watched by companies and state level actors.
Further still, we should realise that the cloud, while convenient, puts all of our personal information into the hands of others, and should act accordingly. I can see that the utilization of public key authentication is going to become much more prevalent, and that companies are developing products that perform more of the work client-side instead of in the cloud as a measure to protect the user’s privacy. A popular example of this design would be WhatsApp or Signal. If users are willing to try out and advocate for these kind of apps, the trend could be massive.
Jesper Frederiksen, UK GM, Okta
With 81% of data breaches as a result of weak or stolen user credentials (according to Verizon), Data Protection Day should mark the advent of a new modern identity system to better ensure safety over our personal information. Convenience over privacy has reduced our abilities to control our personal identities, especially with the daily threat of data breaches. Now a trip to the dark web can turn up the information many of us still hold precious: Social Security numbers, bank accounts, health insurance details, and whatever else a criminal may desire.
To achieve this, blockchain technologies are emerging to help mitigate risk. Blockchain is built to ensure data exchanges cannot be erased or adapted without leaving a record, making it very difficult to hack. It is also excellent at controlling information and avoiding duplication, which is key in an area with such serious consequences. And while this idea of self-sovereign identities in the blockchain is promising, there’s still a lot to figure out to make it a workable backbone for identity management. As the technology develops and garners more understanding, Data Protection Day is here to remind us that we have a chance to make privacy a standard, not a thing of the past.
Leo Taddeo, CISO, Cyxtera
Privacy and security go hand in hand. Most cyber-attacks start with some form of social engineering. The more cybercriminals know about you, the more likely they can convince you to trust them.
Be on guard. Learn the privacy policies of the organizations you do business with and don’t share your sensitive personal information with any organization that doesn’t value your security and privacy.