More than 533 million Facebook users now have a concern more worrisome than the posting of an embarrassing photo or silly cat meme. Their personal information was stolen from the social media site and recently leaked on a popular hacker forum.
The leak, which was first confirmed and reported by Insider, provides users’ full names, phone numbers, email addresses, and biographical information to hackers of all abilities to leverage for ill-gotten gain. Security pros believe the personal data will fuel hackers’ fraud efforts and strengthen their attempts to impersonate unsuspecting people.
Once again, Facebook and other digital platforms seem less appealing and useful because of their inability to protect the privacy of users. It’s not the first time the personal and sensitive information of users and organizations was put at risk, and it certainly won’t be the last time. As CISOs and other security-minded business leaders continue to wrap their heads around the so-called SolarWinds hack—a massive cyberattack last year that the U.S. government believes was the work of Russia—they last month also had to contend with a second intrusion on a popular cloud service: Microsoft email.
At least 30,000 Microsoft Exchange customers might have had digital assets compromised in a security hit that is suspected to have originated in China. When added to a long, running list of such breaches over the past two decades—a roster that includes many household names—the SolarWinds, Microsoft, and Facebook hacks are yet more reminders of the value and importance of data privacy.
THE NEXT BREACH IS A MATTER OF “WHEN” AND NOT “SHOULD”
Data privacy isn’t a software function, a button you can press to make everything right. No, data privacy requires the creation of a top-to-bottom culture of data security that’s reinforced by a data-protection platform that simplifies the work of policy management and administration. When organizations can make sense of all the data they create and share, and then have a clear perspective on which data is sensitive and needs to be protected, only then can data truly be called private—and, thus, effectively useless should it ever be accessed in a breach.
Unfortunately, it isn’t actually a matter of “should”; it’s the reality of “when.” A Dell survey in 2020 showed that 63 percent of businesses had suffered a breach within the past year. And in a tacit admission that cyberattacks are hard to stop, the U.S. government is rethinking how it conducts cybersecurity. With intelligence agencies failing to detect the SolarWinds and Microsoft hacks, some government officials are considering asking private cybersecurity firms to help anticipate attacks on the digital assets of American businesses and consumers.
In the meantime, organizations need to understand cybersecurity truly is their responsibility and that no two breaches are alike. How well an organization survives a breach depends on how well it protects sensitive data and ultimately respects the privacy of its customers, clients, and employees.
With data privacy as a top priority, businesses can no longer ignore their obligation to preserve sensitive information. Data privacy is not just a matter of due diligence—it is just plain good for business.
DATA PROTECTION, AND PRIVACY, CAN BOOST THE BOTTOM LINE
The sharing of data, when it’s properly protected, can lead to gains in retail, finance, healthcare, academia, energy, and other industries. Public data helped deliver COVID-19 vaccines, for example. A laboratory in China sequenced the novel coronavirus and publicly released the data, allowing laboratories around the world to develop vaccines based on the genome sequence. Protected data has also enabled retailers, such as Walmart, expand online sales to homebound customers who don’t yet want to venture into stores.
When properly managed and protected, data transforms organizations from engines that could to engines that can innovate, satisfy customers, lead markets, and command the attention of Wall Street. Organizations that have been ahead of the privacy curve can testify to the gains they’re making with data because of the confidence they have in its protection. Seventy percent of organizations surveyed by Cisco said they have seen “significant” business benefits—including operational efficiency, agility, and innovation—from prioritizing data privacy. Cisco also found that GDPR-ready companies have shorter sales delays—roughly three weeks as opposed to more than five weeks for those that aren’t compliant—because they’re actively addressing data-privacy concerns.
COMPLIANCE SETS THE TONE
The underlying thread to that success is data protection and, thus, data privacy. The demand for data privacy has never been greater and it will only continue to grow.
Consumers don’t mind sharing their personal information for sales, marketing, and other commercial purposes, as long as the organization that uses their data respects individual privacy. Governments, meanwhile, are ensuring data privacy becomes a way of business. More than a dozen U.S. state governments are currently drafting or are about to vote on compliance legislation that codifies privacy, building upon a foundation of established regulations such as GDPR, HIPAA, PCI DSS, and Sarbanes-Oxley. One of those states, Virginia, in February passed a data privacy law, the Customer Data Protection Act (CDPA), that experts say hews mostly to the California Consumer Privacy Act—a widely applauded privacy initiative that took effect in 2018—but differs from California’s law in that only the Virginia attorney general can enforce violations, leaving consumers in that state no private right of action.
Those distinctions are among the maybe thousands of differences between privacy laws. It’s a lot to keep track of. By partnering with a data-protection provider, companies are relieved of the burden of compliance. A comprehensive data-protection platform continuously classifies and discovers data so that sensitive data within the scope of regulations does not go undetected. Such a platform centralizes the management and enforcement of data-security and privacy policies to ensure sensitive data is consistently protected and aligned with regulations.
PROTECT THE POWER OF DATA
Much is made of the power and potential of data, so it’s no surprise there is widespread support for codifying how it is used and secured. Protected data allows organizations to pursue—without worry of running afoul of regulations—AI-supported analytics and machine learning, DevOps and containerization, IoT, and many traditional digital applications for sales, operations, customer satisfaction, development, production, employee productivity and engagement.
Indeed, the need for a comprehensive data-privacy plan is here to stay, both because it’s both the right thing to do and it is good for business.