It’s been a big year for data privacy. The world’s strictest data protection standard to date, the European Union’s General Data Protection Regulation (GDPR), became enforceable in May 2018 and its reach stretches far beyond Europe’s borders. GDPR applies to any company that does business in Europe or serves European citizens, regardless of where it’s based. To date, the U.S. federal government has not passed any measures like GDPR, although several states have enacted privacy laws. The question remains, given how many websites, devices and social media platforms the average U.S. consumer interacts with on a daily basis, how can we ensure the privacy of our data?
Data Privacy Laws
The GDPR adds to the European Union’s general policy of protecting the data of its citizens. It establishes guidelines for the collection and processing of personally identifiable information (PII) for EU citizens. Organizations have had to rethink the way they transfer data, capture consumer details and collect and share data. Some industries and market segments have found GDPR compliance to be challenging. A survey by GlobalData indicated that healthcare R&D has been uniquely impacted by GDPR, likely due to the vast amount of PII that organizations within this market segment routinely process. The AdTech industry has also been significantly impacted by GDPR. Without being allowed to use first-party data, advertisers are largely unaware of consumer preferences and this can hinder their ability to serve up targeted ads.
Despite these challenges, GDPR is a good thing. At Attila Security, we believe that data privacy is an inherent right. In the wake of the Facebook-Cambridge Analytica scandal and frequent, high-profile data breaches, general public awareness of data privacy implications has grown dramatically. The result is that consumers outside of the EU are starting to demand protection of their right to privacy. Many U.S. states have recently passed legislation aimed at giving consumers more control over sharing personal data and providing them with greater transparency. The most aggressive of these is the California Consumer Privacy Act (CCPA), which requires companies to abide by strict data capture and processing operations. Alabama, Arizona, Colorado, Iowa, Louisiana, Nebraska, Oregon, South Carolina, South Dakota, Vermont and Virginia have also passed laws related to data privacy. It’s highly likely that additional legislative measures will be passed in 2019 at the state and possibly even at the federal level.
We all know that Facebook, Twitter, Snapchat and many other popular social media sites grab and store any piece of available data. Google does the same. eCommerce sites grab and store data too. What about the files you store on Google Drive or Dropbox, or the apps you use for business like Salesforce or Yammer? It’s your data, so you own it and control it, right? Not necessarily. If you read Facebook’s Terms and Conditions carefully, you’ll see that the company is allowed to gather and store photos, page visits, likes, and even your contacts list and your location. Since the data breach that exposed some 50 million users, Facebook contends that it has put measures in place to keep user data more secure. The verdict is still out on this one, but we expect that this topic of data ownership will continue to show up in the headlines in 2019.
Data Privacy for Mobile and IoT Devices
Mobile and IoT devices create a conundrum for many organizations. These devices can improve efficiency and allow for more flexibility, but they can also pose a serious threat to information security. IoT devices, in particular, often lack security. An unprotected or inadequately protected device could serve as easy access to an organization’s network, client or employee data or company IP. Given that Gartner forecasts that there will be over 20 billion IoT devices worldwide by 2020, we expect mobile and IoT related data breaches to remain a top data privacy concern in 2019.
Effective Data Privacy Measures
Attila Security’s GoSilent product works every day at protecting your data when using the Internet, something that should be a key component of any data privacy solution. Our innovative security technology protects all endpoints (e.g. desktops, laptops, smartphones, connected printers and IoT devices that are connected to corporate IT networks) from cyber threats. GoSilent’s technology keeps data private and helps organizations comply with data protection regulations – it works seamlessly even for non-technical users. Learn more about Atilla’s products and solutions.