5 Noteworthy Data Privacy Trends From 2015
By Greg Schulz
Over the course of 2015, there were a number of noteworthy data privacy trends that will likely shape how data management professionals will protect, preserve and serve data in 2016.
The fundamental role of data management is to protect, preserve and serve information within an organization. Over the course of 2015, there were a number of noteworthy data privacy trends that will likely shape how data management professionals achieve these objectives in 2016. The following are five important data management lessons that the industry learned in the past year:
1. Delayed Breach Detection
A number of high-profile data breaches occurred in 2015, many of which compromised the personal information of consumers. One such instance involved a prominent health care provider, which disclosed a major data breach that occurred in 2013 but was not detected until this year.
The lesson learned here is that without proper security protocols, breaches may not be detected in real time. Some advanced attacks may not be discovered for days, weeks, months or potentially even years. This underscores the importance of organizations investing in the latest data management tools so they can identify and prevent the most cutting-edge attacks.
2. Risky Third-Party Vendors
In another healthcare insurance breach, the personal information of more than 1 million patients was found in a public area of a large cloud provider. Media headlines proclaimed that the cloud provider leaked the data, but the fault was actually with a third-party service provider that accidentally placed the sensitive information in a public-access location.
Here, the lesson is that an organization's security is only as strong as its weakest third-party partner. Companies need to carefully vet third-party service providers to ensure adequate security procedures are not only documented, but strictly followed. Minimum security standards should be outlined in any service-level agreement between companies. Otherwise, 2016 may see more headlines announcing data breaches.
3. Biometric Data Breaches
Cybercriminals typically target credit card numbers, contact information, Social Security numbers, personal information and the like. However, due to new security features, many corporate networks now contain additional types of sensitive information for malicious actors to steal.
For instance, one government entity reported a data breach in 2015, saying it affected around 1 million people. However, that number has since grown to tens of millions of victims because the attackers accessed information of people who had completed security background checks. In addition to their contact information, certain victims had their fingerprint data and other biometric details stolen.
Given the shift toward biometrics for security and authentication, data privacy measures need to address the security of facial recognition photos, fingerprints, iris scans and other sensitive information.
4. Data Sovereignty
If it is not already an important part of an organization's records management policies, data sovereignty will play a key role in procedure changes in the coming year. Just as countries create rules for people within their jurisdiction, they also govern how data stored within the country's borders can be used. In October 2015, the Court of Justice of the European Union (EU) ruled that the long-standing Safe Harbor laws between the EU and United States were invalid.
The National Law Review explains that companies can no longer rely on their Safe Harbor certifications to transfer personal information of EU citizens into non-EU countries. Organizations that previously transferred data this way may have some big changes to make in terms of their international data security compliance.
5. Strong Data Offense
The best way to protect, preserve and serve data in the face of known and emerging threats is to have a strong data offense. To do this, companies should take note of and learn from past data breaches in their industries, then proactively create a comprehensive and secure data protection environment that does not hinder productivity. This last aspect is crucial, since employees are more likely to take shortcuts around data protection if the procedures slow down their workflow.
Some key considerations for a strong data offense include encrypting data while it is in transit and implementing two-stage authentication procedures across the organization. Companies should also leverage robust, easy-to-use identity management tools to keep information safe while enabling productivity. It is also essential to analyze past network activity for signs of previous data breaches and proactively monitor data activity for any abnormal signs that may indicate an attack is imminent.
If there is one overarching lesson to be learned from 2015 data privacy trends, it is that any organization, regardless of size or focus, can be vulnerable to security risks. Companies need to learn from past data management trends and keep up with the latest security standards and regulations if they want to ensure their valuable assets are properly managed in years to come.
Data Privacy Day is coming up January 28th. Learn seven steps you can take to help keep your data safe.