It has been reported that the UK Government Communications Headquarters (GCHQ) used bulk interception to unlawfully breach citizens’ privacy and free expression rights, Europe’s highest human rights court has ruled.
The ruling is the culmination of three lawsuits that had accused the GCHQ’s bulk interception regime of being incompatible with the right for people to have privacy, which arose in 2013 following revelations from Edward Snowden that the GCHQ was running a bulk interception operation to tap into and store huge volumes of data, which included people’s private communications.
<p>Any one of your customers may be learning about this ruling against the GCHQ and coming to a lot of conclusions. Among those is no doubt, “why can’t people leave my personal data and information alone?” It would be the logical reaction by anybody living in a free society with a guaranteed right to data privacy. We can’t always control what governmental agencies do in the name of national security (though in free societies we certainly have a voice), and we certainly can’t control the horde of threat actors out there targeting peoples’ sensitive data. With some matters, though, we can enact positive efforts toward data privacy.</p> <p> </p> <p>Each and every enterprise that collects, handles, processes, and stores this type of information can handle sensitive data ethically, lawfully, and with the best interests of the data subjects in mind. This means abiding by data privacy laws in every jurisdiction in which they do business. Equally important, it means constantly re-assessing your data security posture to make sure that the most robust data security is in place, just in case data does fall into the wrong hands. And it inevitably will.</p> <p> </p> <p>A powerful tool in this toolbox to protect sensitive information is data-centric security, which guards data using methods such as tokenization or format-preserving encryption. The power of data-centric security is that it travels with the data, unlike perimeter-based security, and it preserves original data formats so that your business applications can still work with and analyze protected data, eliminating the need to de-protect it within your corporate workflows. We can’t solve every problem in the world, but we can treat our customers with the dignity they deserve by zealously protecting any information about them that we lawfully collect.</p>