Data Security: How to keep ‘Big Data’ safe...and legal
By Kristina Macaulay - Posted on 26 February 2013Kristina Macaulay, Strathclyde MBA alumnus and Managing Director of data security and organisational authentication consultancy, Global Identity, discusses developments in data legislation in an increasingly information-rich society.
According to the World Economic Forum it is now impossible to know who has data about you and where it is located. From personal information to private emails and social media posts, every individual’s online interactions are now routinely logged and stored.
While this growing use of ‘Big Data’ provides opportunities for more targeted marketing, it also increases organisations’ obligations and risks when it comes to data security, with failure in securing customer data having potentially serious legal and reputational implications.
As outlined during last week’s Cyber Security Conference held by the Scottish Government, increasingly sophisticated threats and changes in the way we now store and access data mean organisations cannot be complacent despite ever more complex security procedures.
A central issue, which was reiterated throughout the conference, is the need for organisations to gain a fuller understanding of the data security threats they face, and the implications this could have for the individuals whose data they store.
As a recent BBC exposée on hactivisim highlighted, while services such as Websense can offer a measure of reassurance, for most organisations a quick visit to Anonymous or Pastebin may be all it takes to find out if they are a potential target.
Indeed, as Dr Natalie Coull, Lecturer in Computer Security at The University of Abertay discussed, for many aspiring computing undergraduates and ‘ethical hackers’ successfully finding flaws in an organisation’s data security can be the key to securing an internship. Even the police, and the newly formed Scottish Business Crime Centre, are now recruiting among their ranks to provide businesses with advice on security resilience.
The potential increase in unsecured data transfer as a result of more remote working may also have legal and security implications, with recent figures from Accenture suggesting more than half of employees (52%) around the world now access work-related material from their own personal computers and devices.
As the amount of data organisations store, for marketing and compliance purposes, increases, another potential area of concern is cloud storage. As Maureen Falconer, Senior Policy Officer at the Information Commissions Office (ICO), explained during her talk, the use of third party data storage, sometimes outside domestic jurisdictions, may not be adequately accounted for in current legislation.
Perhaps the most pertinent issue facing data security comes from a prevalent ‘yes’ culture, where ambiguities around ‘consent’ result from an inadequate and out of date legal framework: consumers do not have a full understanding of where their data is held, who it is sold on to, and what they have agreed it can be used for.
While data protection legislation is scrutinised and updated, and the idea of consent is re-defined, organisations must continue to ensure:
- Data security procedures are transparent
- Data is secure
- The importance of data protection is conveyed throughout the organisation
- Contingencies are in place if data becomes compromised.
Without doubt, data security is no longer just an issue for compliance. For today’s leaders, while ‘Big Data’ creates great opportunities, its legal and ethical use must be a key consideration.
How has your organisation approached data security? How is this communicated throughout the business? Let us know in the comments below.
