Silicon UK in Focus: Data Protection Day 2020

Today is Data Protection Day. Now in its 14th year, The Council of Europe created the Data Protection Day to raise the awareness of data security for individuals.

The 28th of January was chosen as this was the data Article 108 was signed. With continued high profile cases of data breaches, raising the awareness of data protection is more important for businesses than it has ever been. The ease with which personal data can be accessed and manipulated such as the Cambridge Analytica scandal places CIOs and CTOs at the forefront of protecting the personal data of their business’s customers.

This year’s Data Protection Day will see the publication of Guidelines on Artificial Intelligence and Data Protection which aims to help and support policymakers as they meet the challenges AI brings in a data protection scenario.

Minister for Foreign Affairs of Finland and Chair of the Committee of Ministers of the Council of Europe Timo Soini welcomed the adoption of the guidelines and said:

“Artificial intelligence brings benefits to our daily lives. At the same time, it is necessary to look into the ethical and legal questions that it raises. To ponder this, we have invited many high-level experts from all member states to a conference on the impacts of artificial intelligence development on human rights, democracy and the rule of law in Helsinki on 26 and 27 February that will allow us to exchange thoughts and knowledge.”

The first Council of Europe´s Stefano Rodotà Award has been granted to Ingrida Milkaite and Eva Lievens, for their work in a research project carried out at Ghent University, which investigates the privacy and data protection from a children’s rights perspective: A children’s rights perspective on privacy and data protection in the digital age.

The winners will have the opportunity to present their project at the next plenary session of the Committee of Convention 108 in Strasbourg in June 2019. To be awarded annually on the occasion of Data Protection Day, the Stefano Rodotà Award honours innovative and original academic research projects in the field of data protection.

On Data Protection day, Silicon UK speaks to Bob Canaway, Chief Marketing Officer, Privitar.

Bob he has more than 20 years of experience in both fast-growing startups and established companies. Prior to joining Privitar, he was CMO at Black Duck Software, an open-source security company, where he was part of an executive team that led the company to a highly successful exit in 2017. Bob previously held senior marketing and leadership roles at Intel, Nuxeo, Ektron, AspenTech and Tibco.

In your view, has data protection improved or eroded over the past year?

Awareness of data breaches and data privacy as a concern have increased dramatically over the past year. Companies are looking for ways to improve their internal systems and processes to meet the needs of their business while protecting their customers’ sensitive data.

New technologies to protect data have become readily available and are being adopted. But underlying systems and infrastructure are becoming increasingly complex. And malicious actors continue to become more sophisticated. The confluence of these factors is that although the potential exists for data protection to have improved, statistics would show that more data leaked than in any prior year.

Are CTOs and CIOs struggling to protect their systems and customers from data breaches?

It’s clear that not only the number but the magnitude of data breaches is increasing each year. Companies have implemented traditional approaches to data protection with uncertain effect. No wall is high enough. And no lock strong enough. Organisations need to assume data will leak and start looking differently at how they can both protect and manage sensitive data while they evolve their approaches to support the needs of the business.

How do you expect data protection to change as we enter a new decade?

We expect to see the conversation continue to evolve from security as a way to deter breaches to a more contextual method of managing data that includes both data security and data privacy controls. This will translate into protecting the data itself while in use wherever it goes as opposed to accessing and perimeter-based protections.

How is data protection tied to consumer confidence?

Companies who have data breaches suffer damage to their reputations. Media coverage paints them in a clearly negative light. Publicly traded companies can watch their share price decline. Although analyses are primitive, they clearly demonstrate that customer churn increases and customer acquisition slows for months to years.

Organisations need to implement technology and processes that reduce both the likelihood and impact of a data breach. This can include encryption, data de-identification and desensitisation, managing lifecycle of data used by analysts, and being prepared to quickly report to the public the personal impact (if any) in the event of a breach.

Where do you think new threats will occur, businesses must defend against?

As organisations take the first steps to better protect and directly identify information, malicious actors will increase their sophistication yet again. With the amount of data available to cybercriminals increasing, they will turn to linkage attacks to join disparate datasets stolen from multiple organisations to re-identify individuals and increase the effectiveness of other criminal activities, such as spear phishing.

What is your core advice to CTOs and CIOs who need to make their systems more robust?

When we think about the robustness of systems CTOs and CIOs need to consider not only the efforts used to protect and manage them, they also need to think about the ease of use and accessibility for those who need to make decisions or operate the business. Otherwise, it becomes difficult to use data or shadow IT can develop and make it more difficult to protect information.