Encryption in the spotlight: what can businesses do to enhance data privacy?

Businesses should take a proactive course of action. Ultimately defending privacy is good for customers and good for business.

The events of the past month have pushed data privacy firmly to the top of not just the technology industry agenda, but also the political agenda. 

In the UK, the Government has been in conflict with the technology industry ever since David Cameron’s ludicrous call for a “ban” on encryption. However, in the last month the Prime Minister and Home Secretary have doubled down on this objective, demanding back door access to social media services such as WhatsApp - despite widespread doubts as to whether the policy is even practicable.

In the US too government agencies have been in the spotlight on data privacy - and these examples are perhaps even more alarming. Not only has the CIA has been under pressure following revelations regarding its efforts to circumvent online encryption methods, but at the start of March FBI Director James Comey also declared that “there is no such thing as absolute privacy in America”. 

Comey’s remarks in particular have been taken extremely seriously by those involved in the data security and privacy sector. He has effectively called for an end to data encryption which is a very worrying situation for businesses - and their customers - as well as private individuals. It means that anyone storing data in a US data centre has absolutely no guarantee their data is private or secure.

Even before these latest developments America’s reputation on data privacy issue was severely tarnished, despite the fact that over 35 per cent of the world’s public computing is conducted in the USA, with data giants such as Google, Microsoft and Dropbox locating many of their servers around the country. In Artmotion’s own international data risk index, the US not only fails to make the top ten safest nations, but also fails to fall within the top 25, ranking at 38th, behind Slovakia, Bahrain and Uruguay for example.

The Trump effect

It remains to be seen how far the US government agencies will go in clamping down on data encryption, but based on Comey’s statement it does not look like they are going to relent. As a result, I would expect the US to fall further still in the global rankings.

Considering the sheer volume of data that is physically stored on American soil, this is extremely troubling. And it seems that it is no longer just security experts that are concerned. Now the majority of average citizens also agree with the assessment that storing data in the US is a significant risk and our latest research suggests that citizens are rapidly, and perhaps rightly, losing faith in the US government’s ability to protect online privacy

The research, conducted in March, found that over 50 per cent of UK and US citizens feel that online data privacy is less secure since President Trump was elected. Nearly a quarter of (24 per cent) US citizens also said they are now most fearful of their own government when it comes to online surveillance, compared to 20 per cent that said Russia was their biggest concern and 15 per cent that said China. This is a significant shift from Artmotion’s previous research in 2015 when both China and Russia were considered bigger threats by US citizens.  

Of course governments claim that they are simply acting in the interests of enhancing national security measures. However, this is often in direct opposition to the needs of business, where data privacy is integral to both a company’s internal and customer operations. While the policies may be well meaning, for businesses and individuals it poses a serious problem. Indeed, our own research shows that 1 in 5 IT decision makers would not support any reduction in encryption technology – even for the sake of national security.

Regardless, in the short term the data privacy stakes have been raised once again and it seems that governments around the world will continue to pursue these anti-encryption policies. Therefore, more than ever, if you are serious about keeping your data truly safe, it is important for businesses and individuals to understand the impact that location can have on the privacy and security of their data.

Migrating to 'safe havens'

In the age of cloud computing, it’s easy to forget that every piece of information stored still requires a physical home, and that the geographic location of that home can have a serious impact on data privacy. Consequently, the legislative environment of a country has a huge impact on the privacy and security that can be guaranteed by any data hosting company.

Rather than continue to rely on countries where data privacy is being chipped away, businesses need to take stock of where they are storing their data and consider moving their data out of the US to a data ‘safe haven’. For example, Switzerland offers businesses and individuals significant advantages for data privacy and security, since it is beyond the jurisdiction of both the EU and US governments.

Despite increasing complexity, data security is now firmly on the corporate agenda as businesses lose faith in the ability of many providers to protect their data and these latest developments on both sides of the Atlantic are likely to shock many more enterprises into rethinking their approaches. 

Unfortunately, it is still too often the case that businesses choose to treat data security as a lower priority until they are the victims of a security issue. Instead, I would encourage businesses to take a proactive course of action. Ultimately defending privacy is good for customers and good for business.

Mateo Meier is a data privacy expert and CEO of secure Swiss data centre Artmotion
Image Credit: Artmotion