There’s a saying that everything changes yet everything stays the same – and it’s as true in the world of data privacy and security as anywhere else.
With the implementation of GDPR just around the corner, I’ve been reflecting on what has changed and what has stayed the same in the more than 30 years since data protection legislation first came into force in the UK.
So what’s changed?
The world of technology is, of course, virtually unrecognisable from 30 years ago and with each passing decade the opportunities for ordinary people to make terrible mistakes with personal data have grown exponentially.
One of the first technologies to really enable us to make a hash of things was the fax machine. Suddenly, at the press of a button, we could send personal and confidential information around the world with absolutely no chance of retrieving it if it ended up in the wrong place.
Then came mobile phones – giving many of us new opportunities to disclose personal data in public places. Smartphones gave us the chance to get trigger-happy with e-mails at any time of day or night and from virtually any location, often with an unthinking ‘reply all’ as we tried our best to multi-task; and USB sticks meant we could lose untold quantities of personal data on planes, trains and automobiles.
Social networking added a whole new dimension to the inappropriate disclosure of personal and confidential information and who knows what may be next.
And what has stayed the same?
Technology may be changing at breakneck speed, but the one thing that isn’t changing is the role of human error in many of the most serious data breaches. A recent Freedom of Information request by Egress Software revealed that ‘human error’ accounted for a whopping 62% of incidents reported to the Information Commissioner’s Office, and this is a remarkably consistent factor over time. I started to dig into well-respected security and privacy surveys over the years, and in those from CompTIA, CSI and many more, year after year, human error is ‘revealed’ as the biggest factor in security and privacy breaches.
Whilst our tools and technologies to predict, detect and prevent data breaches have undoubtedly become more sophisticated over the years, it would seem that we are failing to make an impact on one of the biggest risks to data security – people.
Clearly we need to raise our game when it comes to building human firewalls that are anywhere near as robust as our technical firewalls. In this webinar hosted by SAI Global I take a fresh look at why people are the weak link in your data privacy strategy and what you can do about it.