Data protection sanctions look set to go way off the scale
- 28 February, 2013 09:31
Data protection is jostling for pole position as an area that CFOs should firmly fix both eyes on. Rarely do you see a juxtaposition of regulatory, technology, enterprise and consumer attitudes changing with one focal point.
The blurred distinction between when work ends and when personal life starts does not look to get any clearer as technology allows us to work from personal devices, and play from work devices. The challenge this has on enterprise security is often not considered with sufficient seriousness until it is too late.
A couple of years ago the UK Information Commissioner’s Office (ICO) was granted increased powers, with the ability to impose a maximum fine of £500,000 for those who are not careful with the personal data that they were entrusted with. Since that increased power was granted to the ICO, the data protection watchdog has certainly not been shy in using it.
The current data protection law however is not seen as fit for purpose given the globalised, outsourced, social media and cloud driven world of commerce in this day and age. The biggest change to European data protection since 1995 finally arrived with the publication of the draft Data Protection Regulation last year, which is expected to come into force within the next 18 months.
What these new proposals show is that data protection sanctions look set to go way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover.
Businesses that fail to get it right, especially in the areas of cloud storage, data centres and data transfers, and new requirements that make ‘compliance’ a fundamental frontline obligation, could potentially lead to massive fines.
For major organisations, this could be to the tune of tens if not hundreds of millions of pounds, with ‘tier three’ penalties based on 2 per cent of global annual turnover. So businesses will no longer be able to pay lip service to data protection, compliance will have to be an integrated, transparent and demonstrable part of the business if a massive whack of a fine is to be avoided.
Other areas to look out for include:
Payment by mobile phones and contactless card payments is likely to grow exponentially in the coming year. The European Commission recently gave approval to the joint venture between Vodafone, EE and Telefonica to set up a company to develop mobile commerce in the UK. In addition to a mobile wallet service, the operators are proposing to launch a data-based mobile advertising network which will give businesses access to over 37 million of their customers. Concepts such as these are likely to create enormous data protection challenges.
‘Bring Your Own Device’ or BYOD
Such schemes are likely to continue to see an increase in 2013. In Germany, for example, 80 percent of businesses are expected to have BYOD schemes in place by the end of next year, creating data protection and privacy challenges.
Facial recognition technology
Social media players using facial recognition technology were under fire from privacy campaigners over the course of 2012 but this is unlikely to act as a deterrent to further development of this technology for commercial and marketing purposes. As the application of facial recognition technology broadens, the data protection issues are likely to become more complicated.
Even if some of these developments do not appear on the horizon as soon as commentators believe they will do, there is still enough to give CFOs food for thought. On the one hand are technology and legal change and on the other hand is the issue of liability. Given what we may see happening to the latter, looks like it is set to outstrip the decision making power of all but the board on such matters in a corporate setting.
Vinod Bange is the UK partner leading the data protection team at international law firm Taylor Wessing. He has specialised in data protection and information law for over a decade.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Updated: Bill Morrow new head of NBN Co
Cloud debate now about speed and sophistication
Cloud debate now about speed and sophistication
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
Multi-Factor Authentication; Current Usage and Trends
In this digital age, validating identities and controlling access is vital, which is why multifactor authentication has become such a fundamental requirement in so many organisations. This survey looks at the authentication landscape in Europe, the Middle East, and Africa, and offers insights into how it is expected to change in the coming years.
Benchmarks for Security - A Comparative Test
In a head to head comparison of 8 end-point security products, we look at which performs the best across crucial performance metrics - from installation time to memory usage. Download to find out which performs the best!
At one point, it seemed that phishing was receding to the status of a minor issue threatening only naïve consumers. However new cybercriminals and phishing techniques have lead this to become a greater concern. Download how to find out how phishing became the No. 1 web threat, and which web security solution can best protect your company.