Last week it was revealed that Facebook exposed data on 50 million of its users to Cambridge Analytica, a U.K.-based data analytics firm which worked for the Trump presidential campaign. With Facebook being such an integral part of the social media experiences of more than a billion people worldwide, there was a sense that this latest (but not the first) breach of trust would finally result in serious efforts to better protect the privacy of individuals using such services.
As Reuters reporters Salvador Rodriguez, David Ingram, and Douglas Busvine pointed out in their article, “Privacy Issues Emerge as Major Business Risk for Facebook,” Facebook faces substantial business risks from new European Union privacy rules set to take effect in May. This looming reality came into stark relief following the revelations that the controversial political consulting firm had improperly obtained personal data on 50 million Facebook users.
Big internet companies and small software developers alike are now likely to face scrutiny over how they share customer information in the wake of the scandal involving Facebook and Cambridge Analytica, according to Reuters reporter Paresh Dave in his article, “Facebook Scandal Could Push Other Tech Companies to Tighten Data Sharing.”
In their opinion piece for The Guardian, “The Facebook Breach Makes it Clear: Data Must Be Regulated,” Roger McNamee and Sandy Parakilas recommend that companies be ready for stricter data privacy regulations that are likely on the way following the Facebook scandal. McNamee, co-founder of Elevation Partners and Center for Humane Technology, also said in a segment on CNBC that companies like Facebook and Google, if they are smart, “will adopt GDPR practices globally because in the long run protecting users is the best thing for the business.”
It’s clear ethics don’t scale, and it’s not just Facebook’s problem, according to an opinion piece by Paul Ford in Bloomberg BusinessWeek, “Silicon Valley Has Failed to Protect Our Data. Here’s How to Fix It.” He believes it’s time for a data protection agency in the U.S. like there is in Europe.
How do you think the Facebook scandal will impact your business? We would love to hear from you. In the meantime, here’s a roundup of other top data security stories making headlines or providing insights for the week ending 23 March 2018:
“Beware Marketers, the Consumer Data Collection Blowback is Just Starting,” by Larry Dignan in ZDNet: Deloitte found that 93 percent of consumers would want to delete their personal data held by various companies. Why? These consumers have little faith that service providers can secure it.
“Tech Firms are Driving Force Behind Investments in Cloud Data Security,” by Bob Violino in Information Management: Research found that 80 percent of technology and IT businesses get support from top management for cloud security initiatives, more than any other industry surveyed.
“How Europe's New Privacy Law Will Change the Web, and More,” by Nitasha Tiku in Wired: Consumers have long wondered just what Google and Facebook know about them, and who else can access their personal data. But internet giants have little incentive to give straight answers — even to simple questions like, “Why am I being shown this ad?” On May 25, however, the power balance will shift towards consumers, thanks to the General Data Protection Regulation, a European privacy law that restricts how personal data is collected and handled. GDPR focuses on ensuring that users know, understand, and consent to the data collected about them.
“The Cost of GDPR Non-Compliance,” by Jacqueline von Ogden in Cimcor Blog: General Data Protection Regulation (GDPR) requires data processors and data controllers to take additional steps to protect personal data, and to disclose any data security breach to the public. GDPR regulators can impose large monetary fines on those in non-compliance.
“Selling the Fear: Is GDPR the Next Y2K?,” by Matt Fawcett in JD Supra: Too many companies are focusing entirely on the specific issues of GDPR compliance, missing the bigger and more important challenge: the need for a new approach to data governance, including data security, sovereignty, and privacy.
“Fat Data: Get the Skinny on GDPR and Test Data Management,” by Jeff Hughes in SD Times: It’s time for organizations to take a close look at how their development teams are using sensitive data when testing. If a security breach occurs with any of your databases, even those used for testing, you’re going to attract the attention of regulators from all sides of the globe.
“Regulating for a Digital Economy: Understanding the Importance of Cross-Border Data Flows in Asia,” by Joshua P. Meltzer and Peter Lovelock in Brookings: While the economic and trade opportunities from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows for privacy and security.
“Combining PCI into a GDPR Program,” by Michael Hill in Infosecurity Magazine: It may be a good idea to draw synergies between existing payment card industry (PCI) standards and the forthcoming GDPR to deliver a more holistic information security privacy framework.
“Crafting a Cybersecurity Strategy that Protects Revenue as Well as Data,” by Jeff Lagasse in Healthcare IT News: In the age of consumerism, how you react to a breach, relay information to patients, and interact with people can mean the difference between customer retention or an expensive mass exodus.
“Orbitz Hit with Data Breach, Info on 880,000 Payment Cards at Risk,” by Doug Olenick in SC Media: The online travel company suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards.
“Breaches Missed, Companies Don't Know What They're Looking For,” by Phee Waterfield in Infosecurity Magazine: Less than half of IT professionals (48%) would be fully confident knowing a data breach had even happened, meaning that more could have taken place without their knowledge.
“Cybersecurity Challenges for the Boardroom: What Publicly Traded Companies Should Consider,” by Christopher P. Skroupa in Forbes: A Q&A with Steven Grimberg and Mark Ray, Managing Directors at Nardello & Co., a global investigations firm that, among other things, specializes in cybersecurity consulting, internal investigations and incident response.
“The Top 10 Digital Quality Engineering Trends Of 2018,” by Pradeep Govindasamy in Forbes: In the overall digital transformation phase, data security will continue to be a growing concern and dominate corporate decisions, high-level discussions and development strategies.
What was your favorite data security story this week?