Who do you trust with your data?

Who do you trust with your data?
2018-04-11

Facebook and other large media focused service providers have for too long been overly cavalier with customers' data, in particular with their personally identifiable information (PII). The attention being focused on this event shows they are no longer too large to be unaccountable. Indeed, with the advent of the new EU General Data Protection Regulation on 25th May, 2018, they will be fair game for being pursued by the regulator. It is high time they took a more pro-active approach to making serious attempts to safeguard data subjects' PII.

Events in recent years such as the loss of mass PII from Yahoo in 2013-14 (3 billion user accounts), Adult Friend Finder in 2016 (412 million user accounts), eBay in 2014 (145 million user accounts), Equifax in 2017 (143 million user accounts), and Heartland Payment Systems in 2008 (134 million credit card data exposed), give a brief idea of the scale of the problem. With the global jurisdiction of the GDPR, even these large US giants will not be immune to being pursued by the regulator.

There are really three initial areas of concern to contend with, firstly, there are the technology companies, such as Facebook, who have traditionally had a cavalier approach to the personally identifiable information (PII) of users of their systems. There has often been an attitude problem with these organisations who have frequently taken a poor attitude towards the security and privacy of their users' PII. Facebook are certainly far from alone in this regard. There are very few large corporates who do not subscribe to this corporate mind set. A part of this problem also arises through poor transparency of exactly which PII is being shared by default.

Second, we have to consider the all to frequent naivety of many users of these services, even highly intelligent users who should know better, who have themselves traditionally been cavalier about their own PII, with this attitude extending to poor attention to the use of strong passwords and lack of concern as to which data they are making public. This is often not helped by the complex default settings they subscribe to when they sign up for these systems. The fact that many of these large corporates deliberately make frequent policy changes to alter the privacy mechanisms certainly has a large part to play in confusing users as to what they have agreed to.



Third, the manner in which many of these large corporates have simply helped themselves to this PII without any recourse to their users, or any proper attempt to elicit proper approval from them. This is certainly one of the better elements of the GDPR which insists that explicit permission must now be obtained from every user of their services to agree to divulge their PII, rather than the use of permission by default, or by omission, or by simply helping themselves to all the PII without any direct permission, as was the case with the recent Facebook data problem.


Such practices by large corporates demonstrate a high level of contempt for their users and their users' PII. One might argue that this behaviour is also immoral and unethical, but after the GDPR comes into force, such behaviour will become criminal, albeit initially at a corporate level. This will at least mean that an improved level of corporate accountability should start to evolve. The GDPR will provide some good protection for the PII of users, and in the case of the UK, Prime minister May has indicated that after Brexit, not only will the UK continue to adopt the provisions of the GDPR, but plan to add additional safeguards for the better protection of individual users.



Looking back at past mass data breaches that have arisen throughout the developed world, it is clear that there has been little evidence of corporate responsibility in these organisations. Nor has there been much action taken to hold these corporate giants to account by regulators or legislators. Perhaps we are starting to see a long overdue move towards a sea change in attitudes will now take place, for the better good of all society.

 

Dr Robert Duncan is a senior lecturer in Accounting and Finance at the University of Aberdeen Business School and is co-Chair for the Enterprise Security Workshop at the IEEE/ACM International Conference on Utility and Cloud Computing, as well as being a member of the Advisory Committee for the CLOUD COMPUTING series.

Published by Business School, University of Aberdeen

Comments

There are currently no comments for this post.

Your Comment

Search Blog

Browse by Month

2024

  1. Jan There are no items to show for January 2024
  2. Feb There are no items to show for February 2024
  3. Mar There are no items to show for March 2024
  4. Apr There are no items to show for April 2024
  5. May There are no items to show for May 2024
  6. Jun There are no items to show for June 2024
  7. Jul There are no items to show for July 2024
  8. Aug There are no items to show for August 2024
  9. Sep There are no items to show for September 2024
  10. Oct There are no items to show for October 2024
  11. Nov There are no items to show for November 2024
  12. Dec There are no items to show for December 2024

2023

  1. Jan There are no items to show for January 2023
  2. Feb There are no items to show for February 2023
  3. Mar There are no items to show for March 2023
  4. Apr There are no items to show for April 2023
  5. May There are no items to show for May 2023
  6. Jun
  7. Jul There are no items to show for July 2023
  8. Aug There are no items to show for August 2023
  9. Sep There are no items to show for September 2023
  10. Oct There are no items to show for October 2023
  11. Nov There are no items to show for November 2023
  12. Dec There are no items to show for December 2023

2022

  1. Jan
  2. Feb There are no items to show for February 2022
  3. Mar
  4. Apr
  5. May There are no items to show for May 2022
  6. Jun There are no items to show for June 2022
  7. Jul There are no items to show for July 2022
  8. Aug There are no items to show for August 2022
  9. Sep
  10. Oct There are no items to show for October 2022
  11. Nov
  12. Dec There are no items to show for December 2022

2021

  1. Jan
  2. Feb
  3. Mar
  4. Apr
  5. May
  6. Jun There are no items to show for June 2021
  7. Jul There are no items to show for July 2021
  8. Aug There are no items to show for August 2021
  9. Sep
  10. Oct There are no items to show for October 2021
  11. Nov
  12. Dec

2020

  1. Jan
  2. Feb
  3. Mar
  4. Apr
  5. May There are no items to show for May 2020
  6. Jun There are no items to show for June 2020
  7. Jul
  8. Aug There are no items to show for August 2020
  9. Sep
  10. Oct
  11. Nov
  12. Dec There are no items to show for December 2020

2019

  1. Jan There are no items to show for January 2019
  2. Feb
  3. Mar
  4. Apr
  5. May
  6. Jun
  7. Jul
  8. Aug There are no items to show for August 2019
  9. Sep
  10. Oct
  11. Nov There are no items to show for November 2019
  12. Dec There are no items to show for December 2019

2018

  1. Jan
  2. Feb
  3. Mar
  4. Apr
  5. May There are no items to show for May 2018
  6. Jun
  7. Jul
  8. Aug
  9. Sep
  10. Oct
  11. Nov
  12. Dec There are no items to show for December 2018

2017

  1. Jan There are no items to show for January 2017
  2. Feb There are no items to show for February 2017
  3. Mar There are no items to show for March 2017
  4. Apr There are no items to show for April 2017
  5. May There are no items to show for May 2017
  6. Jun There are no items to show for June 2017
  7. Jul There are no items to show for July 2017
  8. Aug There are no items to show for August 2017
  9. Sep There are no items to show for September 2017
  10. Oct There are no items to show for October 2017
  11. Nov
  12. Dec