Tuesday, April 10, 2018

Talk about Data Protection is EVERYWHERE. Best thing to do...get educated, ASAP.

Last Wednesday we posted a blog about Data Protection (AKA Data Privacy as we say here in America). Whether you are talking about Facebook’s latest and greatest scandal or talking about the EU’s recent General Data Protection Regulation (GDPR) going into effect on May 25 (DON’T PANIC), you’d better understand what people are talking about. The buzz about data security is everywhere, and whether you acknowledge it or not, it directly affects us all.

Even just last week, I had an opportunity to attend a major Data Protection Conference in Washington D.C.’s Marriott Hotel. I sat in on the 4-hour discussion about the implementation of GDPR. One of the attendees was a member of British Parliament herself. The basic discussion went a little something like this:

What is GDPR? Adopted April 27, 2016, and enforceable May 25, 2018, GDPR is the European Union’s regulation on the protection and free flow of personal data.

What is “Data Protection”? The process of safeguarding important/personal information from corruption, compromise, or loss. 120 countries have data protection laws and 30 more have bills in place...the United States is not one of them.

Why is Data Protection relevant to today? The importance of data protection increases as more information is collected on tech platforms and transferred through the internet. That information is then categorized into data and stored. Complexity arises in the relationship between the transfer and dissemination of that information to and amongst businesses (controllers and processors) and public perception/expectation of privacy or transparency with the usage of that information, which up until now has been lacking due to the political and legal underpinnings of that information.

Who does GDPR affect? GDPR will directly affect all 28 EU member states plus 3 EEA member states. Local implementation will also take place for members who are late to the party. In a global scope, GDPR sets a precedent that affects us all.

Is GDPR possible to implement in the U.S.? The key thing to understand here is that when laws are enacted in the EU they are quicker to pass through legislation. EU parliament implements regulation as a framework among all member states so it applies to all businesses and industries across the board, as opposed to the United States where we mandate regulation sectorally. Why? Well, for one, complexity. We have a large and highly diverse country consisting of 50 states all abiding by different local laws and regulations, coincidentally tailored around industry clusters. Second, touching on “coincidence”...thinking about the amount of money that is passed around from big business to government, it sure makes things “coincidentally” convenient for those business clusters of major US conglomerates to not have to abide by certain regulatory standards. One time at a speech about the problem of bribery in Russia, I raised the question, “If bribes are called gifts in Russia and they are considered a problem, what is the difference of that and lobbying in the United States?” The speaker gave no answer.

The underlying matter of what we are all talking about here is risk and exposure. On the consumer side, if your data is not protected YOU are at risk. Risk of being hacked, risk of having your identity stolen, risk of being blackmailed...to name a few. The exposure is the dire outcome of that threat. You go from having $100,000 in your account to having $0 (hack), you find out your suddenly existent other persona just got caught smuggling drugs across the Mexican border (identity theft), or someone has proof of your affair and they’re asking for 1 million dollars in return for their silence (blackmail).

So what is the overlap between Neztec and data protection? How does advanced visual communication help with defense mitigation? How can the dissemination of information in the area of compliance and regulation help create awareness? Well, that’s your answer right there. If the root of exposure comes from a lack of awareness, the solution is to educate the individual. Dissemination of messages in the form of visual communication is more effective for creating an aware group of people. And if we want to defend companies against the threat of exposure, in this case repercussions from leaked information, we need to ensure that their employees are informed effectively; just like the everyday person needs to be aware in order to defend themselves against getting hacked. Educate, create awareness, heighten your defense. The approach is the same. The end result is in the way you play the game.

Written by Charlotte Whiteman - Defense Mitigation & Remediation Advisor
Neztec Solutions Inc.

For more information, email at charlotte.whiteman@neztecs.com
