Data Privacy

Industry experts comment on Data Privacy Day

With today (28 January) marking Data Privacy Day - an annual event seeking to raise awareness and promote privacy and data protection best practices - industry experts have marked the occasion by presenting a range of views on the latest trends and challenges that have arisen since last year's occasion. - Dr Ellison Anne Williams, Founder and CEO of Enveil, comments, “Data Privacy Day serves as a crucial reminder to safeguard sensitive information in an era where data dominates. As we navigate an increasingly interconnected world and transformative technologies such as AI grow their foothold in the digital economy, finding ways to protect data privacy and mitigate risk will be essential. “Privacy Enhancing Technologies (PETs) enable, enhance, and preserve data privacy throughout its lifecycle, securing data usage and allowing users to capitalise on the power of AI without sacrificing privacy or security. Organisations that truly prioritise data will incorporate PETs as a foundational, business-enabling tool that will fortify data-driven capabilities and enable data to be leveraged securely across silos and boundaries. “This year’s Data Privacy Day theme is ‘Take control of your data’, but that sentiment should not be limited to our personal data footprint. Businesses need to be proactive in their approach to data protection and commit to a future where PETs are woven into the very fabric of digital strategy. This will empower users to responsibly and securely harness innovative tools, such as AI and Machine Learning, in line with global regulations and compliance requirements.” - Edwin Weijdema, Field CTO EMEA & Cybersecurity Lead at Veeam, adds, “This year, Data Privacy Day seems a little different. With significant cyber security regulations coming into force around the world, most notably NIS2 and DORA, it feels like a lot has changed since we marked this day just 12 months ago. “And it has. We’ve seen corporate accountability given increasing weight when it comes to data resilience thanks to NIS2. It’s no longer a case of passing the buck – responsibility ultimately sits with the C-suite. Simultaneously, data resilience is shifting from a ‘cyber security requirement’ to a tangible business differentiator. At the moment, breaches and ransomware are still a ‘when’, not an ‘if’ - and I don’t see this changing. As C-suites become ever more aware, they’ll be demanding to see evidence of their organisation's data resilience, from their internal teams and any third-party partners. “Data Privacy Day is a good chance to reflect on how much can change in a year. After all, organisations can’t rely on markers like this to nudge them on the importance of data resilience - it needs to be a priority 365 days a year.” - James Blake, VP Global Cyber Resiliency Strategy at Cohesity, comments, "On Data Privacy Day, it's crucial to recognise that focusing solely on compliance will only lead to companies tying themselves in knots reacting to the swarm of active or planned regulatory requirements, as well as data legislation coming into force across multiple national and state jurisdictions. If we look at Germany alone as an example, there are 17 state laws on top of national and EU requirements. The most effective way to ensure data privacy compliance is by building robust and repeatable operational capabilities. This involves programmatically conducting comprehensive data audits to identify, categorise, and secure sensitive information. Implementing robust encryption protocols, including migrating to encryption methods resilient to emerging quantum computing attacks, is essential. Additionally, consider working with technology companies who can offer immutable data that can provide an extra layer of security, ensuring data cannot be altered or deleted, thus protecting against ransomware attacks, data breaches and the unnecessary financial loss accrued because of downtime. Appointing security champions in each business unit to educate their peers on tailored data privacy processes based on data classification levels is an important step. By embedding these practices, compliance with varying regulatory requirements will naturally follow." - Adrianus Warmenhoven, a cyber security expert at NordVPN, comments: “As debates continue over whether data, oil, or land holds the greatest value, in cyber security, the answer is unequivocal: data. Personal data, unlike physical assets, can be copied, stolen, or sold without leaving visible traces, creating significant financial and reputational risks. “Apps are a major culprit, often exposing sensitive information through excessive permissions, missed updates, or unauthorised data sharing. Keeping software current is not just a personal safeguard; it also helps protect your network of contacts from phishing attacks through outdated systems. The good news is that while it may seem like an uphill battle to get on top of your data privacy, it’s never been easier to manage how much you share.” To protect people’s privacy on apps, Adrianus offers these preventive measures: Always download apps from official stores - Unofficial apps may not check how safe it is before it is available to download, increasing the risk of modifications by criminals. Familiarise yourself with the data permissions required by apps - Head to your settings and review and adjust these permissions as necessary, particularly sensitive ones like access to your camera, microphone, storage, location, and contact list. Before downloading any app, read its privacy policy - Understand what information it will track and share with third parties. If the privacy level is unsatisfactory, consider an alternative. You can usually find this in the description on your mobile device’s app store. Limit location access only when using the app - It is difficult to justify why some apps need to know your location at all times, so do not give it to them. Avoid using social media accounts to log in, because doing so can allow unnecessary data exchange. Delete any apps you no longer use - This helps to prevent them from collecting data in the background. For more on data privacy, click here.

Zimperium predicts data privacy emphasis in 2025

Nico Chiaraviglio, Chief Scientist and Krishna Vishnubhotla, VP Product Strategy & Threat Intelligence at Zimperium, is predicting data privacy emphasis, more evasive phishing attacks and a rise of sideloading for 2025: Each year around this time, security leaders cast their predictions on how the industry will change in the new year. What new threats will arise? How will organisations shift their security priorities? Which cybercriminal tactics will increase and which will decrease? At Zimperium, our mission is to secure the mobile attack surface and to empower security teams to effectively manage and mitigate mobile threats. In light of the research data we’ve compiled across millions of mobile devices and mobile apps over this past year, we’ve sat down to think about what new mobile security trends and threats you can expect to see in 2025. Prediction 1: Mobile Security Platforms Will Increasingly Address Data Privacy Concerns, Not Just Security Mobile security plays a crucial role in addressing the needs of data privacy. However, we often see mobile security with the lens of threat defence and application security. But regulatory compliance is a key piece of the mobile security function and we predict that in 2025, we will see mobile security prioritising data privacy needs by implementing robust privacy-preserving technologies. According to Zimperium’s 2024 Global Mobile Threat Report, 82% of organisations allow bringing your own device (BYOD) to work. And a recent survey from Tableau found that 63% of Internet users believe most companies aren’t transparent about how their data is used, with 48% having stopped shopping with a company because of privacy concerns. We will likely see more regulatory compliance baked into mobile security solutions, particularly around data handling and encryption standards. We are already seeing regulatory shifts in the financial sector, holding app developers accountable for any harm towards their end users due to external attacks. Businesses are recognising that regulatory compliance features are a necessary piece of the mobile security stack, and they are seeking mobile security platforms that address both privacy and security needs. Prediction 2: Social Engineering Attacks Will Keep Becoming More Sophisticated and Evasive, Traditional Phishing Defenses Fall Short Social engineering has evolved considerably over the past year. In 2025, we predict that 'mishing' (mobile phishing) attacks will become so sophisticated and evasive that traditional tooling won’t be able to detect it. We will see the rise of AI-driven mobile malware capable of mimicking user behaviour, making it far harder to detect using traditional methods. Verizon’s 2024 Mobile Security Index revealed that AI technologies are expected to intensify the mobile threat landscape, with 77% of respondents anticipating AI-assisted attacks, such as deep fakes and SMS phishing. A notable example was identified by Zimperium’s zLabs researchers on an Android-targeted SMS stealer campaign, which to date, researchers have found over 107,000 malware samples directly tied to the campaign. In separate research, the zLabs team found a new variant of the FakeCall malware, revealing new traits present in this variant, including the ability to capture information displayed on a screen using the Android Accessibility Service. Similar to the above, we will continue to see the development of 'stealth mobile devices', or devices specifically designed to circumvent typical security measures.. This highlights a strategic evolution in mobile security – evasive cyberattacks are now the new normal as cybercriminals are becoming more sophisticated in their mobile phishing attacks. Prediction 3: Non-Traditional Entry Points Will Escalate Enterprise Mobile Risk Threat actors will increasingly exploit iOS shortcuts, configuration profiles, and sideloaded applications to breach enterprise security. Recent research unveiled the dangers of sideloading applications, the practice of installing mobile apps on a device that are not from the official app stores. According to Zimperium’s 2024 Global Mobile Threat Report, financial services organisations saw 68% of its mobile threats attributed to sideloaded apps. In fact, zLabs researchers found that mobile users who engage in sideloading are 200% more likely to have malware running on their devices than those who do not. Riskware and trojans, applications that disguise themselves as legitimate apps, are the most common malware families found. APAC outpaced all regions in sideloading risk with 43% of Android devices sideloading apps. To protect against the risk that comes from sideloaded apps, enterprises must effectively protect their mobile endpoints by adopting a multi-layered security strategy including mobile threat defence and mobile app vetting. The prominence of trojans are highlighted in the report with the findings indicating that threats from sideloaded apps are primarily driven by riskware and trojans, which account for a staggering 80% of the malware observed. Additionally, Zimperium’s threat data shows that approximately one in four Android devices face this issue. While sideloading is much more prevalent on Android, the recent Digital Markets Act (DMA) is expected to increase its prevalence on iOS. Cybercriminals are constantly scouring for ways to break in and compromise corporate networks. In 2025, they will ramp up efforts on targeting non-traditional entry points. Prediction 4: Surge in Mobile-Specific Ransomware Mobile-specific ransomware is a rapidly evolving threat that should be top of mind for every CISO. Zimperium’s Mobile Banking Heist Report provides early evidence of this shift: in 2023, 29 malware families targeted 1,800 mobile banking apps with several showing early-stage ransomware capabilities. These tactics are tailored for mobile, signalling a move beyond data theft toward extortion and ransomware schemes designed specifically for mobile platforms. This trend is part of a larger increase in ransomware and extortion attacks across digital channels. According to the 2023 Verizon Data Breach Investigations Report (DBIR), ransomware or extortion was involved in nearly one-third of breaches, indicating a shift among traditional ransomware actors toward new methods, including mobile-focused extortion. This shift is further confirmed by the Thales 2024 Data Threat Report, which notes that ransomware and malware remain some of the fastest-growing threats, with 41% of enterprises facing malware-related breaches this year alone. With ransomware attacks growing by 21% in 2024, attackers are increasingly exploiting mobile platforms due to their unique vulnerabilities and often weaker security postures. For CISOs, this signals an urgent need to prioritise advanced app-level security, phishing defences, and proactive monitoring in mobile environments, as the connectivity and sensitive data handled by mobile devices make them prime targets for the next wave of ransomware. Zimperium’s zLabs research team is on a mission to identify emerging threats to mobile security, exposing malware groups and their variants before they have a chance to wreak havoc on businesses' mobile ecosystem. Our team will remain on the pulse of these developments, keeping a close eye on how these predictions play out in the new year.

Kiteworks boosts data collection capabilities with new acquisition

Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), has acquired 123FormBuilder, a provider of advanced data collection through secure web forms and form-driven private content workflows. Kiteworks says that this strategic move further strengthens its position as a trusted provider for organisations seeking to protect sensitive content across their entire content communications ecosystem. “We are very excited to welcome Florin and the talented team at 123FormBuilder to the Kiteworks family,” says Amit Toren, SVP of Corporate and Business Development at Kiteworks. “123FormBuilder’s emphasis on security and compliance aligns with our PCN vision. Our customers will benefit from no-code, dynamic form creation, as well as bidirectional integration of web forms with various solutions such as Salesforce, Stripe, Shopify, HubSpot, and others. “In addition, this acquisition further solidifies Kiteworks’ aggressive growth strategy and demonstrates our continued momentum in expanding our market presence and technological capabilities through strategic M&A activities.” Integrating 123FormBuilder’s advanced data collection through secure web forms and form-driven private content workflows into the Kiteworks Private Content Network will enable 123FormBuilder’s customers to benefit from a unified platform that centralises tracking, control, and security of sensitive content communications. Consolidation of audit logs into one platform will also streamline compliance tracking and reporting for 123FormBuilder customers. 123FormBuilder offers a comprehensive, modern, secure web forms platform, enabling customers to build secure registration forms, order forms, surveys, and other form types quickly and easily. The company offers advanced no-code, drag-and-drop online form creation that includes conditional logic, e-signature functionality, multipage forms, file uploads, and integrations with over 45 popular tools for streamlined workflow automation. “123FormBuilder is thrilled to join the Kiteworks family and contribute to its PCN vision, empowering organisations to manage security and compliance risk across communication channels,” notes Florin Cornianu, CEO of 123FormBuilder. “Our team at 123FormBuilder has worked tirelessly to develop a secure and user-friendly platform for data collection, a technology that will thrive under Kiteworks’ guidance. The acquisition extends our long-term security and compliance commitment to innovation bolstered by a profitable, well-funded organisation committed to the highest security and compliance standards.” Kiteworks’ acquisition of 123FormBuilder follows on the heels of its recent $456 million growth equity investment. For more from Kiteworks, click here.

Omdia research defines key characteristics of sovereign cloud for enterprise

Analysis undertaken by Omdia has revealed that the approach to sovereign cloud by the leading vendors is as diverse as people’s understanding of what sovereign cloud is. The term sovereign cloud is a nebulous concept that means different things to different people. At its heart, it is about being compliant with the local regulations and laws of the country being operated in, with respect to how data is stored, processed, and who has access to it. Omdia has developed a six-level model that defines the broad different technical aspects attributed to sovereign cloud. Each country will apply different levels to the specific regulations and laws they pass, and it is this flexibility that characterises the market for sovereign cloud. The vendors with solutions in this space have selected to approach it in two different ways. Firstly, there is the sovereign by design school – where the architecture of the solution enables the vendor to offer sovereign cloud capabilities using its existing footprint. Secondly, there is the built to be sovereign school – where the vendors have taken an existing capability and specifically built a new offering that addresses some of the questions the sovereign by design school does not fully address. “While the motivation and approaches differ to delivering sovereign cloud, there is a common acceptance that it is not something the large vendors can do alone. The use of local trusted partners is key to any delivery strategy, but this use must be designed so that it meets the requirements, particularly delivering a cloud that is free from extraterritorial access. While much of the focus is on how any sovereign cloud will operate in Europe, that is not the only potential market, and vendors need to build solutions that are repeatable globally based on the different requirements the different geographies have,” says Roy Illsley, Chief Analyst and Lead of Omdia’s IT Operations Research Practice. “Vendors as diverse as AWS, Microsoft, Google, Oracle, IBM, VMware, NetApp, and OVHCloud are already offering sovereign clouds with these capabilities.” In a customer survey undertaken to support this piece of research, Omdia cloud services survey - 2023, it found that by the end of 2023 more than 70% of organisations have plans to adopt some form of sovereign cloud. The survey also demonstrated that the end users of a sovereign cloud have multiple different reasons for using it. The top two reasons respondents reported were, ‘data processing must be performed in country’ (29%) and ‘only residents of the country should be able to access the data’ (28%). These relate to level two and level three of the model, with ‘data residency’ (level one) third (24%) and only 18% selected level four resiliency. “Interestingly, EMEA is not the largest user of sovereign cloud currently, it is the lowest user, with only 25% of respondents, while Asia and Oceania report, 36% are currently using sovereign cloud, and 31% in North America. However, if the intentions are converted to actual usage, then by the end of 2023, Asia and Oceania will remain the largest market with 74% using sovereign cloud, followed by North America at 70%, and EMEA at 65%. However, these results must be cognisant of the fact the EMEA respondents were from a range of countries across the region and include a majority from non-EU countries, which can explain its low adoption figures, while North America must follow different state regulations particularly in relation to gambling regulations,” says Vlad Galabov, Research Director at Omdia’s Cloud and Data Centre Research Practice. One aspect of sovereign cloud that needs to be discussed is the commercial viability of any solution. By its very nature, a sovereign cloud will be specific to a country, and while there may be common features, some technical aspects may be very local. It is also worth noting that Omdia does not expect every workload or all the data to be considered as requiring a sovereign solution. Therefore, understanding the size of the market for the type of sovereign cloud being offered, and how repeatable this is, are key understandings that are yet to be established. The emergence of generative AI and the ability of companies to produce company specific models trained on its own data using one of the foundational models introduces another aspect of sovereign cloud that will need to be addressed. Cloud service providers were pointed out as the vertical that is most likely to deliver these sovereign solutions, but the research also found that data companies have solutions that could address the sovereign requirements. As with the software infrastructure vendors, Omdia considers that these two groups along with the OEM vendors could develop on-premises solutions that would be able to be configured for each specific use case. The big question for sovereign cloud is, will it remain a public cloud or will it revert to a private cloud? The answer is unknown, but the company expects to see these two groups, cloud service providers and OEMs and partners to market its specific strengths in relation to meeting the requirements. “It will become a question of balancing the risk, agility and cost equation as there is no absolute perfect solution. Rather it is the solution that the customer believes fits its needs and meets its budget,” concludes Roy. Click here for more latest news.

Legendary British astronaut to address AI in space exploration 

Big Data London, organised by Reed Exhibitions (RX), has unveiled its keynote lineup with renowned astronaut, Major Tim Peake, CMG, and the first British European Space Agency (ESA) astronaut to visit the International Space Station, set to headline the event. The exhibition and conference will run on 20 and 21 September 2023 at Olympia, London. Previously an Army Air Corp officer and test pilot, Tim Peake’s work on the ISS and active engagement with the public has made him a role model to millions. He will explain how technology such as AI has made missions to the international space station possible. His closing keynote session will take place at 4:40pm on 21 September in the Y-Axis keynote theatre.  The Big Data LDN keynotes are the centrepiece of the content programme and for 2023, it will be running two keynote theatres in parallel at opposing ends of the hall (x-axis and y-axis). Both theatres will be packed with leading subject matter experts presenting the latest intelligence and opinion on the industry’s hottest topics. The organisation connects data visionaries and real-world pioneers to deliver cutting-edge practical advice to delegates and in addition to Tim Peake, the keynote track will also feature speakers including:  Libby Liu, CEO at Whistleblower Aid, will present on the Y-Axis stage on 20 September from 15:20 - 15:50, to discuss ethics at the cutting-edge of innovation, and shed light on the importance of data privacy and ethics in the digital age. Libby has represented some of the most impactful big tech whistleblowers of the last several years, including Meta's Frances Haugen and Twitter's former Security Lead, Peiter 'Mudge' Zatko. She will speak to what big tech whistleblowers have in common, the ethical dilemmas they face long before their stories shake the foundations of companies and industries, what they grapple with, what motivates them and how they can blow the whistle safely and legally.  Ela Osterberger from Wetransfer, will present at 14:40 - 15:10, in the Data Strategy Theatre on 21 September to discuss ‘Data Strategy 101: The Essential Guide’ and why your company almost certainly needs one, how to assess what's required, what it should include and how to evolve it. The focus of this session will be a practical take home on the importance of how to implement a data strategy at scale that you can implement right away.   Gary Cronin, Director Digital Transformation, Data Engineering and Insights, Grant Thornton, will deep dive into technical data governance and unlocking the power of data assets on 21 September, 13:20 -13:50. Gary will discuss the world of data modelling, focusing on lineage, provenance, and auditability of data platforms to explore how businesses can build a robust data infrastructure that enables them to reverse data transactions and provide transparency for better decision-making and data-driven insights.    The event aims to join together industry leaders, data professionals, innovators, and enthusiasts to explore the limitless potential of data-driven technologies. Attendees will have the opportunity to engage with representatives and consultants from over 180 exhibiting organisations to explore effective solutions to address their data challenges and develop a robust data-driven strategy for their businesses. The event will feature a lineup of participating organisations with renowned names such as ITV, Porsche, Google, Microsoft, Bank of England, The AA, EDF, OVO, Jaguar Land Rover, Expedia, Experian, M&C Saatchi, HelloFresh and Lloyds Banking Group.   Registration for the event is now open, and interested participants can secure their spots for free here. 

Annual Cyber Protection Week survey reveals post-pandemic paradox

Acronis has released the findings of its second annual Cyber Protection Week survey, which uncovered a dangerous disconnect between the need for organisations to keep their data protected and the ineffective investments they’ve made trying to reach that goal. While 2020 saw companies purchase new systems to enable and secure remote workers during the COVID-19 pandemic, those investments are not paying off. The global survey discovered that 80% of companies now run as many as 10 solutions simultaneously for their data protection and cybersecurity needs – yet more than half of those organisations suffered unexpected downtime last year because of data loss. The findings from Acronis’ annual survey, which polled 4,400 IT users and professionals in 22 countries across six continents, dispel the myth that simply adding more solutions will solve cybersecurity and data protection challenges. Not only does investing in more solutions not deliver more protection, in many cases trying to manage protection across multiple solutions creates greater complexity and less visibility for the IT team, which increases risk. “This year’s Cyber Protection Week survey clearly illustrates that more solutions do not deliver greater protection, as using separate tools to address individual types of exposure is complicated, inefficient, and costly,” says Serguei “SB” Beloussov, Founder and CEO of Acronis. “These findings confirm our belief that the smarter approach is cyber protection, which unifies data protection, cybersecurity, and endpoint management in one.”  Knowledge gap contributes to IT challenges Complicating matters, there is a significant gap in awareness among users and IT professionals of what IT and cybersecurity capabilities are available to them, which can cause them to lose valuable time, money, and security. 68% of IT users and 20% of IT professionals would not know if their data had been modified without their knowledge because their solution makes determining that kind of tampering difficult. 43% of IT users don’t know if their anti-malware stops zero-day threats because their solution doesn’t make that information easily available. Having easy access to such cybersecurity insights is critical to ensuring data is protected.A shocking 10% of IT pros don’t know if their organisation is subject to data privacy regulations. If those responsible for ensuring data privacy don’t know they are culpable, they cannot implement strategies or evaluate the solutions needed to address the requirements. That ignorance puts the business at tremendous risk of major fines for potential compliance violations in 2021. For anyone using multiple solutions to solve their IT and cybersecurity needs, the lack of transparency into such information only gets worse. Not only must they remember which solution provides a particular data point, they are constantly switching between consoles to find the details they need- leading to inefficiencies and missed insights. Acronis has long recognised the cost, efficiency, and security challenges that arise from using multiple solutions, which is why the company pioneered the field of cyber protection, integrating cutting-edge cybersecurity, best-of-breed backup, and endpoint management in a single solution. Managed service providers can build their IT services on Acronis Cyber Protect Cloud, while businesses can gain the same unified capabilities with the company’s on-premises solution, Acronis Cyber Protect 15. Individuals’ lax approach to protection The survey also revealed a staggeringly lax approach to data protection among IT users. 83% of IT users spent more time on their devices last year, yet only half of them took extra steps to protect those devices 33% admit to not updating their devices until at least a week after being notified of a patch90% of IT users reported performing backups, yet 73% have irretrievably lost data at least once, suggesting that they don’t know how to back up or recover properly. The efforts of individuals to protect their data aren’t keeping pace with threats, which is likely due to false assumptions (such as believing Microsoft 365 backs up their data) or a reliance on automatic solutions. Individual IT users can gain the same integrated cyber protection as MSPs and IT professionals with Acronis True Image 2021, the first personal cyber protection solution that unites AI-enhanced anti-malware and award-winning backup in one. Action items for Cyber Protection Week The challenges of protecting and securing data, applications, and systems will continue to grow in the post-pandemic world. To ensure that data is protected, Acronis recommends five simple steps: Create backups of important data. Keep multiple copies of your backups, with one local copy for fast recovery and one off-site in the cloud to guarantee recovery if disaster destroys your copies.  Update your operating systems and applications. Outdated systems and apps lack the security fixes that stop cybercriminals from gaining access. Regular patching is required to avoid exploits.Avoid suspicious emails, links, and attachments. Most malware infections are the result of social engineering techniques that trick unsuspecting individuals into opening infected email attachments or clicking on links to websites that host malware.Install antivirus, anti-malware, and anti-ransomware software while enabling automatic updates so your system is protected against malware. Consider adopting a single cyber protection solution to have the central management and integrated protection needed to meet today’s IT requirements.

Data privacy day: Expert data privacy trends and predictions for 2021

Thursday January 28 marks Data Privacy Day, an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust. With 2021 set to present us with new challenges and ways of working, businesses need to prioritise data privacy now more than ever, resulting in arguably the most significant Data Privacy Day on record. On the back of 2018, which saw the implementation the ‘General Data Protection Regulation’ (GDPR) act, data privacy was at the top of the corporate and consumer priority lists, giving people more control over their personal data. However, looking back at the last 12 months, it is evident that data privacy is no longer taken quite as seriously. The pandemic and the ‘new normal’ appears to have changed public attitudes on data privacy, which once called for ‘more privacy’. With widely accepted systems such as ‘Track and Trace’ it has become more culturally acceptable for people to willingly share their data. For example, Statista has reported that the NHS contact tracing app has been downloaded nearly 21 million times (20.9m) in the UK.  The same shift in data privacy attitude can be said for businesses and monitoring employee behaviours. Since the pandemic, businesses are faced with the majority of their staff working remotely and, whilst it was once a questionable practice between privacy and corporate necessity, many are now considering ways to keep an eye on productivity, whether employees like it or not. Pedro Martins, Co-Founder & Technical Director of London’s leading IT support experts Totality Services, comments: “As we all know, security breached can be catastrophic to businesses and with the majority of employees now working remotely, we’ve seen a rise in malice attacks across devices. “Business leaders need to understand the importance and actions to keep their data secure. The key is ensuring the organisation's workforce are educated and understand the measure that must be taken to keep key information secure.” “Ahead of Data Privacy Day, we’ve outlined our top predictions for the year and the actions we expect businesses to take to keep their key data as secure as possible.” As businesses consider how to approach data privacy amidst the ‘new normal’ of 2021, Pedro Martins shares some projected trends and predictions for the year ahead. MORE STRINGENT VETTING ON COLLABORATION APPLICATIONS Whilst communication platforms inheritably started as direct Instant Messaging applications, they have, for the most part, been developed into collaboration platforms, used to share important company data both internally and more importantly, externally. This will drive businesses towards more policy-driven and tightened controls, to protect themselves and their data from being shared with the outside world. We're currently seeing this with all collaboration platforms, which are able to share data and files outside of trusted networks. This in turn will lead to businesses running more stringent privacy vetting on all collaborative applications. MORE PROMINENT DATA PROTECTION GUIDELINES WITHIN ORGANISATIONS  Every employee should be vigilant when it comes to Data Privacy, unfortunately, humans tend to fall back into old habits, so whilst GDPR went a long way to emphasise the importance and need for Data Protection, it should be an on-going activity as opposed to a one-off. This in turn helps employees place value and importance on much needed Data Privacy and Data Protection.  There are accreditations and certifications such as ISO27001 and Cyber Essentials which are set out for businesses to follow and commit to. This helps emphasise the importance of employees understanding both Data Privacy and Data Protection in the workplace. With the majority of organisations currently operating a 'work from home' model, it’s imperative to ensure organisations are adhering to these standards on how to manage information security. A RISE IN EMPLOYYEE MONITORING On the whole, we expect to see a slight increase in monitoring employees whilst businesses are working remotely, more noticeably for ones that have not incorporated a remote working policy before the COVID-19 pandemic. Remote working has taken a shift for obvious reasons and will force businesses to adopt important privacy policies during the pandemic. It will be an important step in the direction of a Digital Transformation.  MORE SECURE TECHNOLOGY WILL BE INSTALLED  We expect to see some minor tweaks to existing laws and regulations over the coming year; however, the emphasis is going to focus more around the technology itself as that helps determine how secure company’s data is. There is of course always room for human error and malice behaviour, having the right technology platforms will aid businesses in the prevention, resolution and transparency of potential breaches. In essence, it’s more around the platforms and systems in this case, such as email secure filtering, secure DNS, data encryption, secure email sending and dark web monitoring. REVISED REMOTE WORKING POLICIES TO ALLOW FOR LONG TERM REMOTE SET-UPS Businesses will utilise this time to re-visit their Remote Working Policies. In most cases, no policy was designed for prolonged Remote Working in mind. We also expect organisations to factor in standard security, information and data confidentially for home workers. The systems and security platforms used day to day are key but as is the hardware being used in the home environment, which in most cases is not fit for business use.  EMPLOYEE DATA PRIVACY EDUCATION We expect to see businesses focus their attention on educating their workforce on the importance and value of Data Privacy. Employees must understand what measures to take in an unlikely security breach, such as reporting incidents and the relevant processes to follow.

Data and HR experts form pioneering ethics board to tackle misuse of AI

Data science company Profusion has launched the UK’s first data ethics board to incorporate leaders from HR, academia, law, data science and cybersecurity. The Data Ethics Advisory Board will be to provide the wider tech industry with guidance on how to tackle complex ethical issues emerging within data science. This includes challenges around privacy, security and responsible use of AI tools. It is hoped that the decisions made by the Board will help to set moral standards which will inform businesses that use data science.  To ensure the Board provides a range of views, experts from a number of disciplines have joined, including: Camara (HR director, Co-op), Dr Hastilow (Head of digital manufacturing - civil aerospace, Rolls Royce) and Dodhia (Neuroscience undergraduate student, Cardiff University). They join specialist legal board members to offer diversity of thought to this challenging topic. Natalie Cramp, CEO of Profusion, states: “At Profusion we’re regularly dealing with data projects that are the first of their kind. There is no road map or set of standards we can look to to ensure that we’ve considered all the implications of our work. Whilst data science has amazing power for good, we recognise it can sometimes have unintended consequences. This is why we formed the Ethics Advisory Board. We believe that the wide range of views and experience will enable us to make the best decisions, and in time create a roadmap to support the wider data industry.”  Khyati Sundaram, CEO of Applied, says: “There are countless examples of how data misuse can lead to serious real world consequences. By bringing together voices from different industries and backgrounds we can examine and debate different aspects of these problems, providing guidance that may help to create industry-wide ethical standards.” 

Apple, Cisco & IBM back calls for US GDPR law

Despite the risk of huge penalties, Apple, Cisco and IBM are all calling for GDPR-style laws to be implemented in the United States. That’s because those three companies all have little to lose from GDPR, but a lot to gain. Apple, for instance, has been shouting about its privacy credentials as of late, while both Cisco and IBM gain to benefit from increased investment in data security. While all three firms are excited about the prospects of a GDPR-style law in the US, all three are largely in agreement that the law needs some tweaks before being brought stateside. Mark Chandler, Cisco’s Chief Legal Officer, told the Financial Times, “We believe that the GDPR has worked well, and that with a few differences, that is what should be brought in in the US as well.”    So what changes could we see? Well, American firms are fine with stricter penalties for those who are careless with data, but they’re not as keen on the ‘Right To Be Forgotten’ clause of GDPR. That has allowed EU citizens to be removed from search engine, but executives argue it wouldn’t work as well in the United States. The United States already has a template as to what a tweaked GDPR could look like, as California’s data privacy bill has already been passed by the state’s legislature. This grants users more control over their data, with companies forced to tell consumers what information they’re collecting and who they’re sharing data with. Californians can also request that their data is deleted or that it is simply not sold or shared, while not risking a lower quality of service. The law won’t go into effect until January 2020, however, and if congress comes up with a bill in the meantime, it will supersede the state’s law.