Safer Internet Day: Data privacy is a necessity, not a luxury
Safer Internet Day: Data privacy is a necessity, not a luxury
Today marks “safer internet day”. It is designed to inspire a global conversation about using technology responsibly, respectfully, critically and creatively. 

As we all know, the internet is home to an abundance of benefits, from bringing people together who otherwise would be geographically separated, to sharing knowledge, insight and learnings from across the globe. As more and more is connected to the internet, from driverless cars to entire cities, we are seeing a rapid increase in the amount of data recorded, stored and shared – and this number is only going to increase.

The General Data Protection Regulation (GDPR) comes into force in May of this year. Ultimately, the arrival of GDPR will put the control of personal data back into the hands of the individual. This allows a number of rights including access to their data whenever they want it as well as the ability to withdraw it. Organisations are also not allowed to gather data without a good reason and need to be able to prove they are doing everything they can do protect the data they do hold. 

As a result, many organisations are investing in resources and processes to meet the new law. Not doing so will put them at risk of penalties of up to €20 million or four percent of global annual turnover. 

2017 also saw an increase in the number of reported data breaches. Some of which exposed personal information of thousands of customers. Understandably, this has made businesses increasingly concerned about what they invest in, as well as who they partner with. Customers are therefore asking more questions during the buying cycle in regards to how data is captured, transferred, stored, and erased.  

Cisco's recently announced Privacy Maturity Benchmark Study (PMBS) surveyed more than 3,600 security professionals asking them about the maturity of their privacy processes and if they had been breached in the last year – and the consequential losses from the attacks. 

The findings highlighted that having good privacy processes go well beyond GDPR compliance.  In fact, organisations which have better privacy maturity experience fewer and less costly breaches of their data, compared with 74 percent of privacy-immature organisations which experienced losses of more than £350,000. Let's be clear, data privacy is a necessity which impacts an organisation's bottom line, and is by no means a luxury. 

Ultimately, privacy maturity provides benefits beyond was is required. According to the standard American Institute of Certified Public Accountants (AICPA) model, there are five privacy maturity levels: Adhoc, Repeatable, Defined, Managed, and Optimised. The survey found that 15 percent of “Optimised” organisations reported no breaches at all in the past year, compared to only one percent of “Ad hoc” businesses. In addition, 59 percent of the “Ad hoc “organisations which were breached, reported losses of more than US$1 million (£700,000), compared to only 28 percent of “Optimised” organisations.  

It demonstrates that the businesses that have good privacy processes only have the data they need, for as long as they need it. By better regulating how they collect, transfer and store data, companies were able to minimise the potential losses when a breach occurs. 

Rightly so, businesses concerns around data privacy are increasing and are only going to continue to do so as they prepare for GDPR. If cyber-attacks like WannaCry haven't got business leaders to sit up and take notice, the new legislation will force them to. 

It is vital that employees from across the whole organisation understand the importance and the responsibility attached to the new regulations. Data security is ultimately everyone's concern and not just those who are in governance or security positions. 

We support today's efforts to increase awareness of internet safety as the development of a society that is resilient to cyber-attacks, is one that has willingness from all parties to share knowledge and crucial has the insight to help reduce cyber-security success rates. 

Data privacy is the first step in massively reducing the chances of falling victim to severe data breaches and companies need to make it a top priority, or risk losing out to its biggest competitor – the cyber-criminal. 

Contributed by Lorena Marciano, Data Protection and Privacy Officer, Cisco

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.