A rather astonishing example of carelessness over data privacy was displayed recently at Bloomberg, escalating the discussion around data security.
Bloomberg customers were shocked to find that employees were able to see what terminal users were viewing and the actions that they were taking.
With the combination of a confidential service, such as Bloomberg's financial information service, and a publishing service, one would assume strict ‘Chinese walls’ were used. However, a lack of Chinese walls has been a sensitive issue in the past.
A few years ago, a similar issue around investment and research also caused contention. The issue is not one that lies solely with the corporation, but instead is representative of a broader issue around the cultural differences that the US and the EU have with respect to data protection and privacy.
Recent events such as this highlight a significant difference in national data protection laws and in the perception of what data ‘protection’ should be. This is becoming a prominent concern amongst businesses, particularly those that are engaged in a financial transaction or merger.
In Europe, regulations are harmonised by the European Union, and information can be securely stored on servers within the EU without risk of access by third parties. Yet when using US-based servers to store information, the legalities become more complex.
The EU criticism is that the US government has, through the Patriot Act, low-barrier access rights to digital information stored by US companies. Such rules are unmatched in the EU. Storing data with a US company exposes every European firm to the risk of sharing this information with US authorities.
This was a criticism by German officials and the Fraunhofer Report, which stated that it was not adequate for the protection of European companies' data. As corporations – especially in relation to M&A transactions – continue to become increasingly concerned about the location and security of their sensitive data, we are seeing a significant upsurge in enquiries from firms about how best to protect their information.
Our advice is to take the following into consideration when selecting a secure server:
In the context of financial transactions, the risk of a privacy breach can be severe. Damages or a failure of the transaction can easily cost the participating parties tens of millions of Euros.
The IT security considerations on these transactions are structured around potential attacks by strangers and, more significantly, people who are entitled to receive the information. Considering the following should reduce the risks of a security breach:
Data security and privacy will continue to remain a contentious issue. Currently there is a strong American lobby in Brussels to prevent EU data protection laws from increasing in strength, which would have a significant impact on corporations with limited data protection, such as Google and Facebook.
Data privacy news such as that from Bloomberg is unlikely to be the last, so while the debate continues, it is down to individual businesses to educate themselves on data protection and ensure that they are fully aware of where data is stored and the protection laws that it falls under.
Jan Hoffmeister is co-founder of Drooms