Today, on the 28th of January, we mark Data Privacy Day. But is there anything to celebrate?
According to Thales UK, there are approximately 1800 data compliance laws around the world. Mathieu Gorge, CEO and Founder of VigiTrust, considers this number to be even higher - somewhere around 4500.
This is a nightmare for companies trying to determine which laws they need to comply with. And why does it even matter if we feel more exposed than ever before?
Thousands of laws around privacy
There are so many different data compliance laws that data compliance has become a business itself - companies often need to bring specialists on board to make sure they adhere to the required regulations.
"Data Privacy Day is a crucial reminder for organizations to identify and adopt the necessary measures needed to protect data transferred between sovereign jurisdictions. Maintaining control over encryption and access to your sensitive data ensures information doesn't fall into the hands of a foreign entity without permission - which could cost just as much as a reputation," Chris Harris, EMEA Technical Director at Thales UK, told CyberNews in an email.
He added that there are now more than 1,800 data compliance laws companies must comply with globally.
Gorge from VigiTrust believes this number to be even higher, depending on what laws you count.
"My understanding is that there is more than that. If you look at the available frameworks and the companies that specialize in trying to consolidate all of those frameworks and regulations around data protection, information governance, and network security, critical infrastructure protection, which might be a little bit wider, my understanding is that we are talking about 4500. Regardless, as a company, you can't be expected to be an expert in 1800 or 4500 regulations," he told CyberNews via Zoom.
A nightmare for companies
Compliance can be a tough challenge for businesses - depending on where it operates, a company might need to follow 60-70 different laws and regulations.
But, according to Gorge, all the regulations have common denominators: you need to know how you get the data and who has access to it, and then you need to look at it from a privacy perspective, from the end-user perspective.
"The consent in California is very different from consent in Europe. I don't think companies should worry too much about mapping before they know what type of data they have in which business units. Because they will get scared and waste their time," Gorge said.
Obviously, data compliance laws are not enough to protect our privacy. Would it be enough if every company was compliant? Last year, fines under the GDPR (General Data Protection Regulation, EU) topped $1 billion, and Amazon contributed nearly 75% of the fine total for a single issue. In July 2021, it was fined €746 million.
“Don’t give your data to the wrong people”
Technology evolves quickly, and regulators are only trying to catch up, Gorge believes.
"The regulations, generally speaking, are always behind the technology that allows you to create, acquire, manipulate, store, and dispose of data," he said.
Brendan Eich, Co-Founder and CEO of Brave Software, once told CyberNews that he favors consumers moving the market towards more privacy-preserving tech.
"Regulators are slow, they may dictate an older, obsolete idea as a solution, or they may just be captured by incumbents who kind of freeze the world the way it is, which gives those incumbents perpetual power," he said.
In any case, regulations don't even matter if you accidentally hand your data to threat actors.
"While I do think that businesses and governments have a very strong mandate to protect my data, I also think that I as a citizen need to protect my own data," Gorge said.
Protecting our data should be as natural as turning off the stove, the lights, and locking the door before leaving the house.
"Of course, you have to appeal to the government and the businesses to protect the data that you make available to them, but equally, it's your data. One of the key things we need to tell people is that it's one thing to have your payment card data stolen because you can get a new card, and you will probably eventually get your money back. But what about your health data? You only have one set of health data. Once it is in public, it's a problem because you can't change it," Gorge said.
So while organizations worldwide must comply with dozens of different laws and protect your data, you are the one who needs to make sure you don't give your personal information to the wrong people.
Privacy is ‘under assault’
Consumers have significant reasons to be more concerned about their privacy now than before the pandemic, Dr. Joel Fulton, the Co-Founder and CEO of cybersecurity company Lucidum, told CyberNews. According to him, individual privacy is under assault from employers, governments, e-commerce sites, and the largest “free” software apps and tool providers.
“The rise in the number of work-from-home employees as a result of COVID has also induced managerial fear in some. Many employers deployed “bossware,” surveillance software that monitors employee interaction, engagement, and productivity. Stories of mass firings further increase the distrust by employees of their employer while negatively impacting consumer brand perception, even if those responsible for the mass firing ultimately end up being let go themselves,” he said in an email.
Fulton recalled that Eric Schmidt, former Google CEO, asserted, “If you’re doing something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
“Immediately persuaded by the public that this was not consistent with ‘don’t be evil,’ Google backed down. With COVID dominating the news, however, Google kicked off 2022 with a license change permitting them access to everything you have: your email, your documents, your movements,” Fulton stated.
Consumers worry for a reason, and with big tech companies looking to take the lion’s share in the metaverse game, privacy becomes even more critical.
“Meta, née Facebook, has a tremendous history of demonstrating their respect for consumer privacy. Advertising-fueled companies such as Meta offer free consumer products in order to gain revenue by selling your details, behavior, and patterns. Their approach to the metaverse may look like a scene from Total Recall with personalized advertising following you through your virtual environment. Whatever they offer, if it’s free, then you’re really the product that’s being sold. Insisting on privacy protections may mean opting out, feature limitations, or more active lobbying to state and local governments,” Fulton said.
What can we do?
Laws and regulations can't protect consumers from data breaches and cyberattacks, Dashlane CEO JD Sherman told CyberNews.
"As consumers, we're asked to make a tradeoff between privacy and convenience, and we often can't resist. We just assume, or maybe hope, that companies will protect our data and not abuse it or share it. But while there are privacy laws in certain states and countries, it's a complicated picture," he said in an email.
The first step to protecting our privacy, according to him, is to be honest with ourselves.
"Let's face it, from juggling work, children, and personal time, protecting our privacy online is probably last on our to-do list. Now with many working remotely, I think it's more important to take steps to protect our privacy online," he said.
Privacy and security can sound scary and intimidating, but we can all do some very basic things. First of all, we need to be aware of what information we are sharing online and with whom. Then, we need to take a few basic steps to manage and protect that information.
* Companies and individuals should regularly install software updates that fix security vulnerabilities.
* They should also use a password manager to ensure all passwords are being protected and updated. Password managers can take the headache out of practicing good security and password hygiene – like having strong passwords, not re-using them, rotating them often, and checking to see if they have been compromised.
* Dashlane suggests that users make their master passwords 12-15 characters long and avoid using dictionary words, slang, curse words, email addresses, names, and places. Instead, use password mnemonics to create a complex but memorable password. Start with a meaningful phrase, sentence, song lyric, etc. Add numbers, capital letters, and symbols for password complexity. If your favorite song is "I Want To Break Free" by Queen, a good password might be: "iWant2bFbyQuEen!" It's personal since it's your favorite song, but it's also quite complex!