MEANWHILE IN DATA PRIVACY – 26TH JUNE 2017
Note: Thank you to the many readers of the previous post in this series for their inputs and feedback. Based on that, I have decided to make these posts a series of ‘privacy round-ups’ – giving an overview of the interesting and important articles & news in the world of data privacy during the month. Happy reading... do keep sending me your feedback at email@example.com.
-Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting
Rights over Personal Data in the New Era
The European General Data Protection Regulation, or GDPR, has been described as being to the world of Data Privacy what SOX was to the world of Finance & IT in the last decade – a game changer that affects not only Europe but the entire world.
This article talks of how the GDPR is set to re-calibrate the balance of rights between an individual (the owner of the personal data in question) and the entity that receives or gets access to that data. ‘GDPR helps put the "person" back in personal data. It reminds companies that the data belongs to an individual to whom they are accountable and for whom they must provide an accounting’. This is a complete change of mindset from the thinking to date, which has been ‘all about “analyze so as to monetize.”’ For organizations, this requires a complete overhaul of their existing data governance, protection and compliance practices.
This shift is pushing the rest of the world to re-orient its approach as well. ‘China has just instituted a similar right along with many other countries. Similarly, in the US, several states are debating bills that would enshrine new rights to personal data.’
On Data Privacy Laws
In a recent consultation with industry leaders from the IT/ITES sectors on developing the roadmap for building a 1 Trillion Dollar digital economy in India, Union Minister for Electronics & IT and Law & Justice – Shri Ravishankar Prasad – talked of strengthening the legal framework for data security in India as a critical aspect of reaching this goal. The following press release gives all the details:
The much-awaited cybersecurity law was enacted by China on the 1st of this month, outlining norms for handling personal information and restricting processing of personal information of Chinese people outside China. The definition of personal information is broad and similar to that of the EU GDPR – taking into consideration technical, device and online data as well. The following posts give details:
The Onward March of Ubiquitous Tracking
‘What has your web browser seen that could embarrass you later? This isn’t just about porn. Have you hunted for a new job, streamed the ball game at work, investigated a crush or googled the morning-after pill? Imagine having a report about it show up on the desk of your boss, spouse or legal adversary.
Meanwhile, data aggregators send their bots to collect anything and everything they can about you: addresses, browsing habits, even estimated net worth. Then they glue it all together, facts and wild guesses alike, into dossiers. That’s the legal side of data collection. Things get scarier when your tax accountant, credit-card company or email provider gets hacked.’
Read more about this in this Wall Street Journal article:
OTA Trust Audit
Every year, the Online Trust Alliance conducts an audit ‘to promote security best practices, data stewardship and responsible privacy practices’ and recognize ‘organizations that have demonstrated security and privacy excellence.’
The above report is a comprehensive one covering security as well as privacy. The key privacy trends the report outlines are:
Lowlights include the disclosure of vendor / service provider confidentiality, which decreased from 54.8% to 48.4% from 2016 to 2017.
Third Party Trackers - Overall the average number of problematic trackers as defined by sharing data with unaffiliated third parties for non-operational purposes decreased from 11.4 to 8.8 per site from 2016 to 2017. These are trackers known to share data with third parties (not including data for anonymous site metrics). The number of unique trackers observed on all sites ranged from 0 to 59. The News/Media sector had the most with an average of 25.4 reflecting their dependence on advertising and re-targeting of site users.
Data Loss Incidents & Breaches - Measured from January 2016 through May 2017, 11.7% of sites had one or more incidents, with a total of over 3.8 billion exposed records. Of all the segments, the Bank 100 had the highest rate (24%) followed by Consumer sites (23.8%). In total, this is a significant jump from 2016, where only 4.8% of the audited sites had an incident. This shift is attributed to three factors: 1) increased telemetry and data fidelity, 2) overall increase in cyber incidents and 3) increased transparency and disclosures of incidents.
Regulatory Fines & Settlements - On the regulatory front, 21 organizations received a penalty for suits or settlements this year (up from 9 last year), with the banking sector having the most (8).
Google and Privacy
There was some heartening news from Google this month:
Note: To know how to maximise your privacy in the Google ecosystem, check out Arrka’s guide
IOT & Devices
There are about 7 Billion IOT devices today, a number expected to go up to 22.5 Billion by 2021. This article takes up the angle of how banks are expected to leverage this. It notes that data collection by banks will no longer be restricted to existing channels like web, mobile, branches, etc., but will extend to other devices, which in turn will be used for many things beyond performing financial transactions.