In March 2018, Facebook’s reputation took a serious hit from the Cambridge Analytica scandal, in which the UK-based political data analytics firm allegedly sourced the data of around 80-90 million Facebook users illegally, without their knowledge and consent, and used it during Donald Trump’s presidential campaign. This caused a huge uproar not only in the United States of America but globally. While many deleted their Facebook accounts, everyone else became deeply skeptical about not just Facebook but online security and data privacy in general. What lessons have been learnt from the crisis? Are governments, companies and users of data serious about their online privacy after this eye-opening incident?
Currently in India, there is no data protection policy or any government policy around data protection. There should be a way to enforce best practices for data collection, retention and disposal; otherwise the data becomes easy prey not just for hackers but also for unscrupulous organizations. Organizations are not bound to secure your data in any way. For example, there are many government services that we can pay for online, such as water bills and electricity bills. In that case I am providing my information, and it is the government service provider’s duty to keep my data secure and not use it in any malicious way. While government service providers may not be selling data, many private companies may be doing so, and we need to be careful about the kind of information we put online. They should also be careful about it.
In Europe, the General Data Protection Regulation (GDPR) went into effect on May 25th 2018, putting in place a framework for how data should be secured, retained, utilized and disposed of. Deleting old data is an important aspect of the regulation. The European Union regulation has strict data rules. Each individual has the right to go to an organization and ask the organization to forget their data. The organization is bound by law to delete the data within a stipulated time. If you are not compliant, penalties are very high. The presence of a similar law in India would bring a lot of trust back into online transactions.
It is also very important for most businesses to keep their customers’ data secure. Say you are an online ecommerce company. You will have customer data; that is not the problem, but you need to store that data securely. The other aspect is that after data is stored, you need to make sure that your database is encrypted. There are other threats, like encryption malware. Organizations hold all their business data, and if ransomware hits and collects the data, it can cause grave consequences. That is where storage backups come into the picture.
The Facebook-Cambridge Analytica crisis has taught the world a huge lesson: at no point can we be casual about our online data, and we are not yet in a fully secure state. It is rumored, though there is no proof, that data was used to swing the elections, and if that is true it is a big thing. If it was done by a third party, it is a super big thing. We also need to be aware of certain things when online, such as giving apps permission to access our profile; it seems fun but can cause huge damage. Another thing is distinguishing between what is real information and what is fake. We need to be careful before believing or disbelieving.
[The author is Senior Director, Product Management, Barracuda Networks]