We seem to be blasé about our use of personal information in the modern world and share data freely with one and all with little regard to any possible consequences. There are more than 100 million Alexa devices in our homes, for instance, listening in to our conversations every day.
Our use of Gmail too is routinely used to pick up on conversational keywords to sell goods and services back to us. It is an attempt to anticipate and monetise our conversations that has become routine across so many apps. Many of us have accepted it as part and parcel of modern day living.
But data protection becomes even more complicated as the world becomes increasingly isolationist. Brexit is just one example of a tumultuous, global political landscape that could have impacts on the privacy and protection world.
Whether becoming more isolationist or trying to be more of a global player, how countries regulate data will change. The tensions between the US in its stance on Chinese telecoms company Huawei is just one example of how global tensions can spill out and change relations between nations when it comes to data and privacy.
Trading in data
Data protection policies are fragmenting, leading to a patchwork quilt of data protection models across the world. The French independent regulatory body, the Commission Nationale de l’Informatique et des Libertés, has mapped the regulations and protections that apply to countries around the world.
It shows how data in Europe, blanketed by the General Data Protection Regulations (GDPR), is heavily protected. Other areas of the globe, particularly Africa and large parts of Asia and South America, are relatively unprotected in terms of data privacy laws.
This becomes an issue when data is so wrapped up together. Companies run multinational operations and operate IoT devices throughout the world. Today, almost everything is connected and ‘smart’, whether that be smart TVs, smart thermostats, smart security systems, smart…everything. It’s very easy for data from a regulated jurisdiction to be misused in a region where such protections just don’t exist.
Today, data is no longer just data. A perfect storm of protectionism and the advent of data as an internationally traded good requires business leaders, and politicians for that matter, to regard data as part of the supply chain. It should be subject to the same trade and regulatory patterns.
Free-market data
It’s widely accepted that free markets stimulate growth and in the past decade an unregulated data environment increased world GDP by 10% ($7 trillion). The implementation of GDPR will put the brakes on the market and will reportedly cost the 27 nations of the EU more than $200bn, equivalent to 1.3% of GDP, primarily due to lost productivity and research.
For many, this increasing sense of isolationism is hampering the global growth of data centric businesses. Historically, the free data exchange has enabled the internet to work seamlessly and become a global trade route.
What we do know is that the widespread adoption of personal computers, smart phones, the internet, e-commerce, smart devices and social media did not arrive with a parallel understanding of privacy fundamentals. Users and businesses need to know what to do to protect themselves, above all else.
Essentially, the buck stops with businesses; they need to adjust and honour the responsibility they owe when they start compiling, analysing and / or selling user data. This is tricky, particularly when it comes to financial, health, e-commerce and social media as privacy and data protection can clash with an organisation’s business strategy.
Businesses will all need to understand the concept of personally identifiable information, and why serious steps are needed to protect that type of information. They need to be aware of the different types of regulation and how it obligates organisations to behave. They also need to engage in dialogue with key stakeholders to understand expectations and learn about best practices that go with data provenance.
Protect yourselves
It is incumbent upon businesses, and the individuals that work for them, to equip themselves with enough knowledge to take appropriate data safety precautions. This is especially true in an isolationist world where data privacy regulations vary so enormously from one jurisdiction to another.
A few simple steps can help users get started on improving their data privacy regime. These include:
- Check and adjust privacy settings in the privacy / security settings on browsers, social media apps and on mobile devices. That includes the device’s operating system, wireless carrier extensions, and the apps installed on the device.
- Adjust security settings on every ‘smart’ device. If it’s connected to the internet, users need to understand and adjust its privacy settings
- Clear cookies on a periodic basis, or even better, turn them off
- Pay attention to what the browser vendors provide in the way of privacy and security – keep in mind that when users ‘log in’ to applications, web site, or service, then the browser, and potentially the browser vendor, know what they are doing
- Back up important data with strong encryption or through cloud services that promise privacy, security and redundancy
- Pay particular attention to health and finance data – they are likely targets for organisations or bad actors looking to learn more about an organisation
- Use appropriate passwords, two-factor authentication, and password managers for common sense protection
- Unplug when you can. The best way to protect privacy is not create data a company doesn’t want to fall into the hands of others
The list may seem daunting but don’t despair. Investing a little time and common sense can bring peace-of-mind for those engaging in technology that surrounds us all. If in doubt, turn to Stay Safe online from the National Cyber Security Alliance for further guidance to navigate the a safe path for data protection in the age of isolationism.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.