As Facebook’s Mark Zuckerberg testifies during Congressional and Parliamentary hearings about his company’s business practices and consumers begin to wake up to the reality of how much of their personal information has been collected and mishandled, privacy researchers and developers are finally being listened to.
In her New York Times article, “After Cambridge Analytica, Privacy Experts Get to Say ‘I Told You So’,” Nellie Bowles writes how the scandal swirling around Facebook and Cambridge Analytica has ushered in a new era for this once-ignored community of privacy researchers and developers. “After years of largely disregarding their warnings about exactly what companies like Facebook were doing — that is, collecting enormous amounts of information on its users and making it available to third parties with little to no oversight — the general public suddenly seemed to care about what they were saying.”
That’s why “Privacy by Design,” a decades-old application design and development strategy, is now being discussed as a foundational strategy for entire organizations, according to Heidi Maher in her Forbes article, “Privacy by Design is Important for Every Area of Your Business.” It’s also why some companies, like Apple, are using their reputation for being very protective of their customers’ private information as a differentiator in the market, as pointed out by Engadget reporter Richard Lawler in his article, “Tim Cook Outlines Apple’s View on Privacy, Encryption in MSNBC Interview.”
“The only way to protect your data is to encrypt it,” says Apple’s Tim Cook. “If I were you, I would do business with no one that wasn’t doing that.”
With privacy becoming such a prominent topic in both our personal and professional lives, it couldn’t hurt to learn more about the “digital privacy paradox,” in which people express concerns over their privacy but then act in ways that undermine these beliefs. In “Data Security: Research on Privacy in the Digital Age,” Chloe Reichel from Journalist’s Resource reviews research on this topic — consumer attitudes toward digital privacy — as well as studies of the supply-side — that is, research on the practices of app developers and other tech companies that shape data collection and use policies.
What are you doing to get a better handle on the privacy debate? We would love to hear from you. In the meantime, here’s a roundup of other top data security stories making headlines or providing insights for the week ending April 13, 2018:
“IT Teams Take Big Data Security Issues into Their Own Hands,” by Craig Stedman in TechTarget: Data security needs to be addressed upfront in deployments of big data systems — and users are likely to find they have to build some security capabilities themselves.
“Data Integrity Protection Spurs Greater Security Spending,” by Ron Karjian in TechTarget: As hacking, ransomware and malware attacks mount, companies place big data protection and integrity among the primary reasons for increased spending on security software.
“Cloud Adoptions are Surging, and So are Related Data Threats,” by Bob Violino in Information Management: According to a new study, the top three cloud security challenges are protecting against data loss and leakage (67 percent), threats to data #privacy (61 percent), and breaches of confidentiality (53 percent).
“Businesses Calculate Cost of GDPR as Deadline Looms,” by Kelly Sheridan in Dark Reading: New research highlights the steps organizations are taking to adhere to GDPR regulations, how much work they have left, and what this wave of changes is costing them.
“Facebook Urged to Make GDPR its ‘Baseline Standard’ Globally,” by Natasha Lomas in TechCrunch: Facebook is facing calls from consumer groups to make the European Union’s incoming GDPR data protection framework the “baseline standard for all Facebook services.”
“Zuckerberg Hearings Get Congress Weighing EU-Style Privacy Regulations,” by Laura Hautala in CNET: Congressional hearings with Facebook’s Mark Zuckerberg get lawmakers talking about European-style regulations for companies collecting and using consumer data.
“Countdown to GDPR: Part 1 — Essential Structures for GDPR Compliance,” by the IAPP in its Privacy Advisor blog: Nine data protection experts from Germany, Belgium, The Netherlands, Italy, U.K., U.S., Luxembourg, Sweden and France discuss how they are helping their clients reach GDPR compliance and emphasize some of the structures businesses should put in place to avoid a crippling fine.
“FTC Punishes Children’s App Company for Not Playing by the Rules,” by Michael Barry in SC Magazine: Along with the $650,000 fine, the FTC ordered VTech to take additional corrective measures and implement a comprehensive data security program that will be subject to independent audits for the next 20 years.
“Security Attacks are Rising in Sophistication and Effectiveness,” by Joseph Goedert in Health Data Management: An annual cross-industry survey by Verizon shows that the sophistication of cyberattacks from outside the walls of institutions continues to rise, and the results can be particularly devastating to healthcare organizations.
“Virtua To Pay NJ $418,000 for HIPAA Violation,” by Fred Donovan in Health IT Security: Virtua Medical Group has agreed to pay a $418,000 fine in a settlement with the New Jersey government over allegations that it failed to protect patient data of more than 1,650 individuals, resulting in a HIPAA violation.
“GAO Raps CMS for Lax Healthcare Data Security in Medicare,” by Fred Donovan in Health IT Security: The Centers for Medicare and Medicaid Services (CMS) is lax in its oversight of healthcare data security when it comes to Medicare beneficiaries, particularly for sharing data with researchers, warned a government watchdog agency.
“TED 2018: Technology Reveals Fear and Other Emotions,” by Jane Wakefield in BBC News: While many are considering cutting down their digital footprint, one researcher is urging the opposite approach to create empathetic technologies that can respond in a more human way and improves our lives.
“Mark Zuckerberg’s Congressional Testimony Reflects the Importance of Data Security,” an editorial by the Dallas Morning News: Whether consumers give data to social media companies or as part of an application for a credit card or checking account — or provide required information for a surgical procedure — the companies that possess and use the data have a responsibility to make sure that it remains protected.
“Oyster Cards, Passengers’ Privacy and Data Protection Laws,” in a letter to the editor of The Guardian, Transport for London’s chief data officer Lauren Sager Weinstein explains what happens to its customers’ information.
What was your favorite data security story this week?