Data Protection Day 2016: Advice and insight from the pros

Today is the 10th annual Data Protection Day, a day to promote the privacy and security of information and highlight the importance of improving education around cyber threats and data security.

To mark the occasion, various industry professionals have offered their insight and advice for both companies and consumers.

Raj Samani, CTO for Intel Security EMEA:

"As a society, we continue to be in a state of conflict when it comes to data. On the one hand, we're often outraged over regular news around data breaches, while on the other hand we think nothing about trading our identities for a chocolate bar or less, often volunteering intimate data such as medical or financial information.

"In 2016 we're only going to further see the exploitation of people's data and the expansion of what we call the 'data economy', especially as the Internet of Things becomes part of our day-to-day lives with smart homes fast becoming a reality. Data Privacy Day serves as a reminder for us as a society to wake up to the fact that what an organisation knows about us is among its most valuable and marketable assets. It's time we stop declaring ourselves 'data bankrupt' - what we're doing when we assign zero value to our information, buying patterns and preferences.

"When we think about our data and where it's going, who is using it and what we're giving it away for, we need to be even more cautious and hard-nosed about entering into data transactions by driving harder bargains and asking ourselves smart questions such as 'who our data will be shared with and how it's going to be protected'."

Richard Anstey, CTO EMEA, Intralinks:

“While cyber-attacks are getting more commonplace, human error is still a huge problem and is causing a significant number of data leaks. Many employees bring bad cyber-security practice from home into the workplace, and businesses don’t realise the implications that bad security habits can have on an organisation.

“Educating the workforce is as critical as implementing technology solutions to manage data flows, especially when handling very sensitive information, such as intellectual property. It is not financially viable - or legally sound - to focus solely on technology, process, or employee activity individually, because all three are important. There’s no silver bullet. New regulations like the General Data Protection Regulation (GDPR) are likely to accelerate this process in the next two years in an attempt to protect personally identifiable information (PII) flowing in and out of Europe. A recent survey by Intralinks and Ovum revealed that more than half (55 per cent) of businesses said they are planning new training on the GDPR for their employees, but worryingly, over half of them (52 per cent) also expect to be fined.

“If we want to take back control of our data, we need to start by ensuring businesses know what value their data has, where it flows across the world, where it is encrypted and how it’s being used by its employees. Only then can organisations make informed decisions about how to manage and secure data appropriately. For this reason, you’ll see more Chief Privacy Officers on executive teams in the coming years.”

Greg Hanson, vice president of business operations at Informatica:

“We barely go a week without news of a new security flaw exposing customers’ personal details. In an age where customer experience is king, there’s now nowhere to hide for the organisations that fail to adequately mitigate the risks to sensitive data.

“UK consumers are expressing clear concern regarding data protection. Recent research reveals that over half are reclaiming access to their personal data and plan to share less with brands and organisations over the next three years, while a third say nothing could incentivise them to share data at all.

“By adopting strong data governance practices that ensure the delivery of trusted, secure data, organisations can begin to satisfy regulatory demand and eradicate customer fears. However, if organisations want access to personal data in the long-term it will require a trust trade-off. Consumers are increasingly putting a price on their personal data, only willing to share it for discounts or free services like Wi-Fi. Businesses are increasingly competing on customer service where price is no longer a viable battle ground. As such, purchase decisions will be more heavily influenced by how trustworthy an organisation is, the investment it has made into data security and how it acts in the event of a breach.

“The organisations who master data protection and transparent communication will be the ones that succeed in their aim to turn the tide on consumer trust.”

Eduard Meelhuysen, VP EMEA at Netskope:

“Over the past twelve months, data breaches have continued to hit the headlines and data security concerns are at an all-time high. This is underlined by the upcoming ratification of a new European law, the European Union General Data Protection Regulation (EU GDPR), which is expected to be finalised around the same time as Data Protection Day 2016.

“The EU GDPR will require organisations to take adequate measures to ensure the security of personal data, and applies to any business operating in the EU – regardless of where it is based. As a result, 2016 will see major organisational manoeuvring as businesses rework data storage and sharing to ensure they are not in breach of these regulations. Data Protection Day serves as an important reminder to us all to remain vigilant and turn any data security concerns into action.

“Businesses can – and must – take steps to protect their data. Careful planning, clever policy setting and enforcement, and staff coaching can all mitigate risk, but businesses must implement these actions now to ensure the appropriate level of protection is in place before it is too late.”

Nigel Hawthorn, chief European spokesperson, Skyhigh Networks:

“Britain will be observing Data Privacy Day today but, as the draft Investigatory Powers Bill shows, the UK is failing to put privacy rhetoric into practice. When you compare our recent encryption policies to the likes of the Netherlands, which recently said no to encryption backdoors, it’s clear which country is walking the walk as well as talking the talk.

“28 January is an iconic date because it marks the anniversary of the opening for signature of the Council of Europe's Convention 108 for the protection of individuals with regard to automatic processing of personal data. For 35 years the treaty has been considered the cornerstone of data protection.

“Yet, with a draft surveillance bill that doesn’t specifically state that companies won’t have to weaken their encryption for the authorities, consumers arguably have even less say today about how their data is being used.”
