Data Protection: Are You The Problem?

Your Digital Privacy – Whose Responsibility Is It Anyway?

Welcome to this blog post by one of PR’s data protection experts, under his pen name Fin McIntyre.

The main problem in the digital world right now is you. Cast your mind back (or, if you’re a millennial, imagine) to a time when the biggest risk to your personal information was leaving your wallet on the bus, not falling victim to cyber crime and having it sold off on the dark net.

Today’s reality would have seemed implausible when the vision for broadband was limited to clunky predictions of how it would deliver a multimedia platform (and let’s not elaborate on a perspective that also brought us Microsoft Bob). Few imagined what we would have in 2017.

If the Internet had never happened and we inhabited a simple connected world where services flowed in one direction and we were purely expected to consume, you would not be the problem.

Yet today we have social media, Android, Pokémon Go, augmented reality, graph data and even advertising displays with facial recognition. Similar to watching a reality TV show, hackers can now tune in to someone’s life: TechHive – Security-camera snooping made easy, thanks to the Shodan search engine and Hackaday – How has Amazon managed to make hackers love Alexa?

We’re trying hard to keep up with all the passwords we need, look for the little address bar lock sign in our browsers, keep track of our bank cards, and never to trust an email promising something that sounds too good to be true, or even one that doesn’t.

Meanwhile, on the Darknet…

While we’re busy with that lot, the underworld is merrily trading our personal data on the dark web for nefarious purposes, ranging from fraudulent commercial transactions to identity theft.

Many a privacy advocate will tell that oversharing will be your undoing. The main problem however is not social media, or augmented reality, or the graph data that led to our details on the darknet. Is the biggest betrayer of your data your own blind trust?

We can try to be careful, make the effort to create a different password for every website, think twice before clicking on links, and never reveal personal details to phone scammers. What we can’t know however is if our data is safe in the hands of the organisations we’ve placed it in.

Open your wallet (hopefully it’s not on the bus) and pull out any number of membership or rewards cards. Or think of your insurance or mobile service provider, or just about any company that insisted on having your home address, date of birth, blood group for whatever purpose [fill in excuse here].

We trust them with our personal information every day. Some we hand our details to willingly, some gave us little choice, and then there are those who obtained them without your knowledge or consent. All of these organisations have access to our details, and of course we hope they will take care of them and use them appropriately.

Despite this, there’s an expectation that we are ultimately responsible for the safety and privacy of our personal data. If you think otherwise, take a look at Kim Komando 5 identity theft myths you probably believe but shouldn’t or Bangor Daily News Don’t believe these 5 myths about identity theft.

Our Favourite Brands and Red Faces

Many of our favourite brands have suffered the embarrassment of a data breach and struggled to safeguard their customers’ personal information. Some of the breaches over recent years include TechWorld The UK’s 16 most infamous data breaches, Sports Direct, Three Mobile, Tesco Bank, Sage, Kiddicare, TalkTalk, Mumsnet and Morrisons supermarket.

The consequences of the data troves (massive databases held by large organisations) being compromised can be devastating to customers when it leads to loss of privacy, identity theft and exposure to fraud.

In our connected digital society, there are limits on what we as consumers can do. One could reach for a hundred remedies to ‘stay safe online’ but none will protect you from being forced to hand over your personal data. Once it’s out of your hands, you have zero control over what happens to it, and you certainly can’t protect it once it has been fed to a data warehouse.

Cybercrime has cast a darkening cloud over a landscape that five years ago, was already worsening at a rate of 1000% year on year BBC Technology – Data breaches 10 times worse, say ICO figures.

Under the UK’s 1998 Data Protection Act, the Information Commissioner’s Office has the power to issue limited fines and reprimands when companies step over the line. An alternative punishment is that some customers will vote with their feet, and of course reputation is beyond price – SC Media Research: Hacked companies could see customer exodus if breached.

There are calls for the Government to do more, and some think that the big corporations are not at fault when they are hacked, despite inadequate security and outdated practices. Some behemoths may even regard the relatively small fines as the cost of doing business; a tax on security incidents, or a breach tax if you will. One of the companies on the infamous breaches list continued to reward its CEO significantly more than the maximum penalty for failing to protect customer data.

The Future of Your Personal Data

The days of rampant, uncontrolled data collection are numbered. In 2016, the European Parliament adopted the long awaited General Data Protection Regulation (GDPR). Organisations across the globe that collect and/or store data belonging to European citizens were given two years to mend their ways and improve security.

From May 25 next year, you will no longer be the problem. You will not be responsible for sharing too much information with your friendly grocer, recklessly subscribing to magazines, purchasing luxuries such as home appliances, gaily purchasing insurance (okay, perhaps not), or even succumbing to the lure of a mobile phone contract – what were you thinking.

Loss of privacy is not an inevitable penalty for purchasing goods or services. Your data belongs to you and you will regain control. It will not be your fault if it is compromised. Thanks to the GDPR, reason and fair play are returning.

Perspective Risk’s experts help organisations with their security and can support their implementation of the GDPR. Read more here: GDPR Implementation.