How To Protect Your Business Against Privacy Invasions
In the past, corporate espionage and theft of intellectual and physical property were among the top security concerns for businesses. Now the Internet of Things brings its own security threats, and with net connectivity underpinning most of today’s business functions, the risk is high.
This week CEO Today hears from Hamza Khan, Founder and CEO of Suburbia, on the potential considerations to make when protecting your business or organization’s private data and operations.
As data breaches grow in scale and severity, they have become the priority in every business’s security agenda. A raft of recent and ongoing data breaches that have slammed corporates and technology companies, such as British Airways, Marriott, Google and Equifax, demonstrates that companies which collect and store user data – even with the best intentions and technology – are struggling to conduct proper due diligence, and failing in their responsibility to protect the personal information of users from malicious intent.
However, protecting against a data breach is not the only thing that could help prevent your company from ending up in trouble. The use of data by unregulated third parties has created a new way in which companies, whether knowingly or unknowingly, could end up on the wrong side of the law.
Traditional data gathering biggest threat to a corporation
Traditional data gathering is one of the biggest threats to an organisation’s security and reputation. Methods involving mining, scraping and analysing vast amounts of personal data from day-to-day business operations, to inform marketing and advertising campaigns, are putting companies at risk.
In recent years, some traditional data companies have shared access to their users’ personal data with a lack of controls in place, resulting in violations and heavy fines. The unprecedented $5 billion fine imposed on Facebook by the US government, due in part to the Cambridge Analytica scandal, demonstrates the extent of the problem and lifts the lid on the way that companies have been mishandling data – even if they are not the ones using the data for unlawful intent.
So why should corporations care about personal data – it’s not company data, right? Wrong. If personal data is extracted from business operations and misused by third parties, companies are at risk of non-compliance and penalties. However, it’s not just the legal and financial risks that companies have to worry about – non-compliance could also cause long-term damage to something far more significant: their reputation. This is most pertinent in light of GDPR regulations, which mandate that all companies holding personal data must inform the individuals they hold data on in the event of a data breach.
Communicating ignorance will not protect your company
It’s no longer good enough for businesses to communicate their ignorance in instances of breaches or mishandling of data. All those who are involved in the collection, dissemination, processing and storage of sensitive personal information must take accountability as part of the wider data ecosystem.
At the same time, no number of tools or applications will fully protect against future data breaches and violations, as long as business models are dependent on using personal data.
How companies can reduce the threat of privacy invasions
Firstly, to protect customer data from being compromised in the short term, companies need to fully understand their privacy obligations and ensure that they have the right crisis response plan in place if a data breach does occur.
Secondly, companies need to take ownership of data management. According to Deloitte (2017), 44 percent of companies say that there are no clear accountabilities for data management or defined data processes and procedures.
Thirdly, in overcoming issues around privacy, it’s important to make a greater distinction between selling data for people and selling data about people. We will see a shift in the industry from leveraging personal customer data to using non-personal, anonymised data. A company that can find and create value through non-personal data, that’s not predicated on compromising the privacy of its users, can build a lucrative yet sustainable business.