Today announced another ‘breaking news’ story on BBC news, ‘BA boss apologies for data breach’.
Since the enforcement of the GDPR after 25th May 2018, ‘breaking news’ data breaches are becoming extremely common. It is without question that there were data breaches before, but today the risks to businesses are higher financially (up to 4% of worldwide annual turnover or up to €20 million, whichever is higher) and can also severely damage a brands reputation. Consumers are more informed than ever before not only about the value of their data and but also their rights and ways to raise a complaint to the ICO.
The challenges for business and the ICO
This latest breach got me thinking. The challenge for the business to remain compliant and ensure the systems they use are secure 24/7. It’s also a challenge for the ICO to keep on top of all of these breaches on a daily basis, which need resources to investigate to determine the cause of the breach & provide preventive measures for the future.
There are several missing gaps in preventing data breaches.
1.Vetting procedures
Firstly no-one is going into these businesses and vetting their security systems.
If you were to open a restaurant or cafe, the Foods Standards agency would be required to inspect the quality of the food, the tools used and the workplace which is vetted and then rated for hygiene. If food hygiene was managed in the same way data is today, we would see restaurants going out of business due to hefty fines, with a sharp increase in food poisoning and sickness bugs from diners.
Similarly, there should be a system for the ICO to inspect the quality of business for their data handling and technology systems. It would give consumers a steer of brands to trust with their data.
This would encourage all businesses to take data protection seriously with action not only lip service.
2.Legacy systems
The second challenge is to rate the security of legacy systems which are a huge barrier for many long-established organisations to overcome. A typical customers experience with a bank only demonstrates that those systems aren’t able to adequately cope with today’s modern consumer demands - fraud detection, for example, isn’t an automatic process, and new banking cards have to cancelled and resent sent rather than merely blocking fraudulent payment transactions.
An approach to enforcement?
Another approach the ICO could take would be to enforce companies to allocate x% of budget/ profit to security as a minimum based on the amount of data that the business holds. There could be varying thresholds and of course, would need to be affordable for the business. However many companies aren’t allocating enough resources or funds to keeping up with security technology and the ever-sophisticated hacking techniques that continuously evolve. Many companies still don’t see security as an issue or think that they are ‘secure enough’. However, what is the definition of being secure?
Data breaches have increased 160% since GDPR came into force, and that number is only going to grow continually. Moreover, what does this all mean for the perceived security of the Internet? Continuous data breaches aren’t going to instil trust in the internet with the consumer- something which has taken many years to build up. If it continues as it has now begun after May 2018, we may end up going back to a time where consumers prefer to transact offline. It would be great to see transparency the ICO’s activity of consulting the views of industry experts to proactively produce a plan to overcome this growing issue, instead of us having to effectively sit back and watch data breaches unfold without any suggestions for future prevention other than just dishing out penalties.
If you want to be proactive and prevent data hacks as much as possible, there is some brilliant technology out there, get in touch and I can provide recommendations based on your requirements.
Whether you’re a brand, a marketer, a data protection expert, a technology provider, a consumer, a business owner or a representative for the ICO, the issue of data breaches affects us all, and we collectively have a voice to try and overcome this, so let’s hear it! I invite you to share your thoughts and ideas below.
Article originally featured on LinkedIn.
https://uk.linkedin.com/in/jennatiffany
About the Author
Jenna Tiffany is a Chartered Marketer and Fellow of the IDM. She is the Founder & Strategy Director at Let'sTalk Strategy providing consultancy services across the digital marketing mix. Jenna has over ten years' marketing experience within B2B and B2C and both client and agency side.
Industry recognised expert as an elected member of the prestigious DMA Email Marketing Council. Jenna provides marketing consultancy to brands worldwide. As a proven thought-leader, competent public speaker and publisher, Jenna can be regularly seen sharing her latest trends and key industry topics internationally.