Privacy and Security: Who's Ultimately Responsible?

By Daan Pepijn January 09, 2017

We bleed data daily.

Sites like Facebook and Foursquare, connected devices like smartphones, and the Internet of Things heralded by smart refrigerators, cars and FitBits – all these take our daily habits, our opinions and our impulses, generate a picture from the data, and send it out to the ether. Every single day.

Compromised privacy is the price we users pay for the convenience these services bring. But is the cost too onerous to bear?

In an ideal world, we can trust tech companies to keep our data safely under lock and key. But reality gets in the way: businesses, pranksters or criminals often take this data and use it to serve their interests, not yours.

Risks to Your Data

Some providers' terms of service give them carte blanche to share your data. Snapchat's TOS, for example, grant the company permission to “exhibit, and publicly display [users'] content in any form and in any all media or distribution methods (now known or later developed),” and to share the data with third parties. Spotify had to back down after releasing a privacy policy that granted them permission to collect GPS data, images and contacts from your smartphone.

Data leaks can also emerge when Moore's Law gives way to Murphy's. In Australia, a completely wiped iPhone continued to download the old owner's voicemails for the new owner to hear. Telstra, the telecom provider involved, has yet to get to the root of the problem - “They know what the symptoms are,” explained Richard Thornton, the iPhone's previous owner, “but they don't know what the cause is.” The greatest risk to your data security comes from the booming cybercrime industry. A visualization of  the world's biggest data breaches should make anyone nervous: a 2014 breach involving over 200 million personal records held by Court Ventures; a cyberattack at JPMorgan Chase that affected 76 million households; and $300 million in lost revenue due to a Russian hacking team gaining access to over 160 million credit and debit card numbers and reaching deep into the NASDAQ stock exchange itself!

Tech Companies Bear Responsibility

We can't put the genie back in the bottle. We want to keep the convenience of tracking our fitness and sharing LOLs on social media. We want to keep our data absolutely out of harm's way. But, we can't have both.

Tech companies must be primarily responsible for ensuring their users' data stay safe. Conscientious providers make use of protocols like HTTP/2 (where most client implementations take advantage of its mandatory encryption over TLS 1.2); and end-to-end encryption services (PGP for email; Tresorit for cloud storage) to keep their clients' data away from prying eyes.

As a growing amount of data courses through content delivery networks (CDNs), more providers now leverage these solutions as an additional layer of data security on top of their hosting infrastructure. For instance, on top of improving website access speed by caching content across servers in different parts of the globe, a CDN can act as a barricade against DDoS and other attacks on websites and Web applications.

What Providers Can Do

Far beyond dealing with infrastructure, providers also need to address the human factor – with actions as simple as restricting or controlling BYOD (bring your own device) policies and restricting access to individuals whose role in the organization do not require the use of sensitive data.

A 2014 report by McKinsey and Company sets out seven practices that optimize cyber resilience, or strength in the face of cyberattacks. These notably include performing a triage based on the risks and importance of assets, actively testing and deploying defenses, and integrating cyber resistance throughout the enterprise.

But the report asserts that the buck on data security ultimately stops at the C-suite: “Given the cross-functional, high-stakes nature of cybersecurity, it is a CEO-level issue, and progress toward cyber resiliency can only be achieved with active engagement from the senior leaders of public and private institutions,” it explains.

Growing Risk, Growing Liability

This is not to minimize the role of individual users in safeguarding their personal data – each of us is individually only as safe as our personal privacy habits allow. But with the data of millions of users on the line, tech companies are on the hook for all of them.

“The risk of consumer injury increases as the volume and sensitivity of the data grows,” explains Federal Trade Commission chairwoman Edith Ramirez – pointing out that leaky tech companies will answer to both their clients and regulators. “If they fail to secure the life cycles of their big data environments, they may face regulatory consequences, in addition to the significant brand damage that data breaches can cause,” Ramirez says. 




Edited by Alicia Young

Contributing Writer

SHARE THIS ARTICLE
Related Articles

4 Biohacking Facts You Should Know About in 2017

By: Special Guest    8/18/2017

When it comes to biohacking, a more recent development in science, it involves combining the idea of hacking with biology. In today's world, biohackin…

Read More

Rest Your Weary Fingers: Voice Activation is Coming to a CRM Near You

By: Special Guest    8/9/2017

We spend a lot of time talking to our gadgets these days. Whether we're seeking directions from Siri or weather updates from Alexa, speech is quickly …

Read More

Kevin Kennedy Stepping Down, Will New Leadership Help Guide Avaya Back into Prominence?

By: Erik Linask    8/7/2017

After more than eight years as Avaya's chief executive, Kevin Kennedy will be stepping down from that role as of October 1, 2017. He'll be replaced by…

Read More

Micro-CT Scans Allow Researchers to Study Live Insects in 3D

By: Kayla Matthews    8/7/2017

The things we don't know about the natural world could fill textbooks. That's why excitement is the most appropriate response when we discover new way…

Read More

Gogo Making Air Travel More Productive

By: Erik Linask    8/4/2017

Gogo created tremendous hype when it first enabled in-flight connectivity on American Airlines, back in 2008. But, anyone who has used in-flight Wi-Fi…

Read More