After watching this video of a Singaporean Politician’s Scathing Smackdown of a Facebook Executive for Trying to Evade Questions, business leaders would be excused for believing that governments around the world are done giving companies that profit off their users' personal data the benefit of the doubt when it comes to data privacy. The message is clear: better protect user data or be regulated out of existence.
That may be the wrong way to look at the current state of affairs. As Conor Sen argues in this Information Management opinion piece, “Data Regulation Could Power a New Era of Tech Growth,” part of the maturation process of any industry is regulation that suits its activities, and the gains from a safer, more trusted technology sector could quite plausibly outweigh any losses.
Take the growth of the credit-card industry decades ago as an example. “The industry fought regulation that imposed limits on how much cardholders could be liable for in the case of fraud or theft, but after the industry lost that fight and consumers had some protections, plastic became the coin of the realm,” said Sen. “This would not have happened if the credit-card industry had remained a Wild West.”
A regulated tech sector will be different, but there’s no cause to assume it will be worse, argues Sen. “By curtailing some actions, regulations will encourage the public to go along with everything else the companies do — ultimately supporting this dynamic sector toward continued growth.”
Some may already be taking a more innovative approach to addressing increased regulations. As Help Net Security reports in “Compliance Functions Make a Turn Towards Innovation-Fueled Strategies,” many financial institutions expect to increase their compliance investments as they seek new approaches to strengthening compliance capabilities. An Accenture study revealed that the top spending priority for compliance officers over the next 12 months is technology transformation. Investments will be led with the implementation of new surveillance tools, with 49 percent of respondents planning to deploy these technologies this year.
Is your organization looking at data regulation as a drag on growth or as an opportunity to innovate? We would love to hear from you. In the meantime, here’s a roundup of other top data security stories making headlines or providing insights for the week ending March 30, 2018:
“Facebook Woes Continue as FTC Opens Data Privacy Probe,” by Lindsey O'Donnell in Threat Post: The Federal Trade Commission is launching an investigation into Facebook’s data privacy practices, bringing more fallout from a scandal where data from the social media platform leaked through a third-party app.
“The Facebook Privacy Breach: What it Can Teach Us About Privacy Threats Before GDPR,” by Sue Poremba in Security Boulevard: The Facebook/Cambridge Analytica situation has almost everyone re-evaluating several important cybersecurity issues. What constitutes a data breach? How do we exert more control over third parties and their access to data? And what are the GDPR implications?
“Privacy: Do We Need a National Data Breach Disclosure Law?” by Dallas Bishoff in Dark Reading: In recent weeks, both retailers and financial services firms have called on the U.S. Congress to create a federal data breach disclosure notification law that supersedes state data breach notification laws. They contend a federal standard would simplify compliance and make the threshold for disclosure clear to businesses and consumers alike.
“6 Steps for Organizations to Better Protect Customer Data,” by Constance Bommelaer in Information Management: Society needs higher standards for transparency and ethics when it comes to the handling of our information. Anyone who collects data must be accountable to their users and to society.
“3 GDPR Blind Spots to Avoid,” by Sarah Lahav in Venture Beat: Most companies today are at risk of non-compliance with GDPR, since few, if any, actually have full control over their customer’s data.
“How Measuring Security for Risk & ROI Can Empower CISOs,” by Vikram Phatak in Dark Reading: As we move to the future, CISOs and their teams will be asked to incorporate more data science, empirical evidence, and metrics to demonstrate the effectiveness of their security programs. CISOs must refocus on the right types of insights and data to drive effective decisions and actions.
“FTSE 100 Firms Fail to Share Security Plans,” by Phil Muncaster in Info Security: Most FTSE 100 companies are not being transparent with their board or the wider public about security strategy, according to new Deloitte research.
“Cloud Security Concerns Surge,” by Tara Seals in Info Security: While adoption of cloud computing continues to surge, security concerns are showing no signs of abating. After several years of a downward trend, 90 percent of cybersecurity professionals confirm they are concerned about cloud security, up 11 percentage points from last year’s cloud security survey.
“New York is Quietly Working to Prevent a Major Cyber Attack that Could Bring Down the Financial System,” by Brennan Weiss in Business Insider: With a lack of leadership from the federal government, New York is one of the first states to implement new cyber regulations. But even with the strictest cybersecurity regulations in the country, experts warn these efforts may still not be enough.
“Digital Innovation Held Back as IT Teams Firefight Security Threats,” in Help Net Security: A survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89 percent agree implementing a cybersecurity strategy is a top priority, budget cuts and staff shortages make implementing cybersecurity strategies difficult.
“Under Armour Admits 150 Million Myfitnesspal Accounts Were Hacked,” in Venture Beat: Under Armour said that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history. The stolen data includes account user names, email addresses and scrambled passwords.
“UK Govt Aims to Export Country’s Cyber-Expertise Globally,” by Phil Muncaster in Info Security: The UK government is aiming to capitalize on the rise in online threats to sell the nation’s cybersecurity expertise worldwide, despite heavy criticism in the past for its own security failings.
What was your favorite data security story this week?