Recent data breaches in big enterprises like large banks and retail chains make one thing clear: data privacy and protection is a concern for all organizations, not just large ones. If large enterprises with plenty of available resources can be affected by attacks and lose their data, smaller organizations without these resources are at risk as well.
Users are not just worried about whether their data is secure; today they are also worrying whether their data will be used properly by the sites and businesses they deal with. Concern among users about privacy has increased in recent months and years.
The statistics bear this all out. A survey carried out in March 2014 by the market research firm GfK highlighted significant, and growing, concerns from consumers about their personal data. 49% of respondents said they were “very much” concerned about how their data was protected, with 60% of respondents saying this concern had increased in the past 12 months.
Consumers are also taking action. A 2014 study by Radius Global found that 69% of survey respondents would do less business with a company they knew had been breached; 67% would try to only do business with companies that they feel can handle their data. The consequences for companies are clear.
So, what should companies do? First of all, they need to recognize that data protection is now an important part of doing business. This means that they must actually approach it as something that is important, and not just as a pain that has to be tolerated.
To do this, organizations should first take stock and remember just what they are protecting and consider what’s most important – i.e., what is their core data. These should be protected with the best available resources. Keep in mind that the levels of protection necessary can change, depending on regulations (like the soon-to-be-implemented data protection regulations in the European Union).
Local regulations on data protection can vary significantly. In the United States, there is no comprehensive law that covers all sectors. Instead, per-industry legislation such as the Health Insurance Portability and Accountability Act (HIPAA) is in place.
In other countries, more comprehensive regulations that cover all sectors are more common. For example, countries in the European Union will soon be covered by the EU General Data Protection Regulation, which mandates EU-wide rules on data protection. Japan has similar laws in the form of the Act on the Protection of Personal Information, which dates back to 2003.
However, not all organizations actually understand these regulations: in the EU, only 13% of businesses called their understanding of the upcoming regulations “very good”. This is despite the fact that, for example, in the EU businesses can be fined up to 5% of their annual turnover if they are in violation of the proposed regulations.
Similar approaches need to be taken to assuage concerns about privacy. Ensure that the data being collected is used correctly and in such a way as not to be perceived as “creepy” by end users. The same data protection that is applied to core data must be applied here, too: end users will not take kindly to businesses that don’t protect the data of their customers.
In the end, data protection comes down not just to technical aspects, but to organizations deciding that it matters. With the new year fast approaching, companies can learn from the many incidents of 2014 and ensure that their own organizations do not fall victim to similar attacks. To know more about data protection law, read our infographic, The Road to Compliance: A Visual Guide to the EU Data Protection Law.
Trend Micro secures users’ data via its integrated data loss prevention technology, which protects data found in endpoints, servers, networks, and even the cloud. It also protects the transfer of data between locations and comes with central policy management, which does not require installation of different technologies across multiple security layers.