Why you should be thinking about data privacy and cyber liability
With all the security breaches and misuses of private information in the news, data security is more important than ever for businesses. But are you legally liable? Brenda Berg explains why your business needs to start thinking about data privacy and cyber liability.
With the recent scandal revolving around Facebook and Cambridge Analytica, it’s safe to say that data privacy is a hot topic on everybody’s lips, but what does this mean for your business?
Let’s imagine you’re a customer of your own business. If you’ve been purchasing products and services from this business for some time, but you’ve realised that all of your financial and personal information has now ended up in the hands of a hacker or individual with malicious intent, ask yourself: would you ever use that business again?
In all fairness, I’m going to say no, probably not. While data breaches seem to be becoming more and more common, that doesn’t mean that your business must suffer a similar fate.
So, without further ado, let’s dive right into why you and your business should be thinking about data privacy and cyber liability and what you can do about it.
What are your responsibilities?
First, let’s set the scene when it comes to what your customers expect. While many people believe that hackers and viruses are the greatest threat to a business and the personal information that it holds, the truth is that these data breaches occur a lot closer to home than you may realize.
In fact, there are many opportunities during your customer’s experience with your business where a breach could take place. The most obvious is while they are making an online payment or purchase through your website.
From these purchases, or in a situation where a user is signing up to your website or a mailing list, they could be giving you their personal information, which you may keep a virtual and/or physical copy of, depending on the nature of your business.
As a developer, these situations could take place within your apps, on your website or via any other method that a customer or user can get in contact with you (such as emailing your customer support while sharing personal information). These are all situations in which you are liable if there’s a data breach.
“If you manage business on the move, you might even have access to this information on your smartphone or portable computer. If your device becomes damaged, is lost or stolen, this is another opportunity for there to be a data breach,” says Sharon Harper, a security writer for Paper Fellows.
By law, if a situation like this occurs, it’s also your and your business’s responsibility to notify the people affected that a potential data breach has taken place.
What classes as ‘personal information’?
In short, there are many things that can fall into this category. Of course, financial information, such as bank and credit card data, is one of the biggest.
However, data like social security number, insurance information, name, age, email addresses, physical addresses, social media links, phone numbers and even driving license numbers are all classed as personal information that you are responsible for looking after.
What the law says about data breaches
Data management and the security that your business provides can become very complex when it comes to the law and what the requirements state, as seen in the Facebook/Cambridge Analytica scenario.
The further the data has to travel, and the more devices and systems it passes through, the harder it is to track and therefore to judge who is responsible for the breach. For example, if you back up all your users’ financial information that they have inputted through your software or app into Dropbox and there’s a data breach, are you or Dropbox liable?
In the US, many Federal and State laws clearly state that if you’ve taken the data from the customer or user, then you are responsible for it, regardless of which device, system or network it’s stored on.
Regarding financial information, there are also many legal practices you need to follow, such as the PCI Security Standards Council’s Payment Card Industry Data Security Standard. This rule states that any organisation that handles financial information in the form of major credit cards, such as MasterCard or Visa, needs to follow certain practices. Otherwise, you risk paying huge fines if caught.
What you can do to minimize the risks
Of course, as a developer, you need to make sure that you’re taking steps to minimise the risk of this becoming a problem. While there is no guaranteed practice or method you can implement to protect yourself and your client fully, there are a number of things you can do to bring that risk factor down to next to nothing.
Most obviously, you’ll need to install protection software on all your platforms, networks and devices, even if these are personal devices. After installing this form of anti-virus software, you need to make sure that it’s regularly maintained and updated to the latest versions for full protection.
Ian Diaz, a protection consultant for Big Assignments, said, “When we updated our services and protection features of our platforms, we searched far and wide to find the best. In the end, we ended up settling on Symantec for our overall website protection, and the tried-and-tested SafeGuarding for our anti-virus.”
When protecting financial data, you can also follow what sites like Amazon and Academized and many others have done by stating what kind of payment protection software and features you have in place, typically an SSL certificate at the very minimum.
Additionally, you can contract an IT specialist that deals with internet and data security to protect your sensitive data on your behalf. Using cloud-based software packages to store your information is also much safer in terms of hackers and viruses because the provider will have their own security and it will be harder for hackers to track down where your information is stored, a deterrent in itself.
As you can see, as a developer company, protecting the data and information of your user and your business is paramount in this dangerous world we live in. However, it’s not impossible to stay one step ahead of the game when it comes to protection.