Posts

TaylorMade Solutions, Heather MacLean

Data Privacy, Breaches and the Impact on Your Bottom Line

Why Boards of Directors Are Losing Sleep Over Data Breaches

 

As with many news stories, we become numb to the constant barrage of data breaches and begin to think that they are both normal and acceptable. In fact, just last month it was revealed that thousands of patient records were held for ransom in an Ontario home care data breach in Canada. Similarly, data breaches in the healthcare sector continue to plague the United States.

Sidebar: In the Ontario case, the breach was announced in June 2018; however, the full extent of the situation is only coming to light recently because the group claiming responsibility reached out to CBC. In addition, some of the victims claim they have not yet been notified.

If you are a business owner or a member of a board of directors, news reports of this nature are likely causing you to lose sleep. And, if they don’t, they should. Data privacy, breaches and the impact on the business’s bottom line should be top of mind. Protecting, or not protecting, the personal data of your customers/clients and/or employees is serious business. It could cost you thousands or millions, or even result in ceasing operations. Regardless, as a business owner or a board member, your fiduciary duty may be greater than you are aware of. Data or security breaches should never be thought of as normal or as a matter of course in business operations. More than ever, board members need to demand that the proper investment and human resources are allotted to protecting the organization’s data. It is also no longer acceptable to lack awareness of, or to neglect increasing your knowledge about, data protection and cybersecurity risk management.

If you are a consumer, you should never accept that data breaches are normal. You should also never accept that your privacy is a thing of the past. Data is valuable. Your data is extremely valuable to you and your peace of mind. You own your data.

Increasingly, privacy laws are being strengthened, and for good reason. As consumers we have a right to protect our personal information. And, if this information isn’t adequately protected by businesses or organizations, then they should be liable for the breach and its ramifications for those whose data they hold.

The good news is that many business leaders know and understand that data breaches and privacy do matter. They matter to boards of directors because they do have significant financial ramifications. For example, with the General Data Protection Regulation now enforceable, it means significant fines for anyone doing business in Europe. In fact, the research is clear. More and more boards are considering the critical importance of IT oversight and cybersecurity. According to PricewaterhouseCoopers (PwC) “less than one-fifth of directors are satisfied with the current levels of expertise on their boards. Only 19 percent say they have enough IT/digital expertise and don’t need more, and only 16 percent say the same about cybersecurity.”

So, what does this all mean? It means dollars. It means thousands, hundreds of thousands and possibly millions of dollars in fines and penalties. Some organizations are still playing Russian roulette, in the sense that they will gamble on paying the fines at the time that an incident occurs. An interesting approach for a one-time event. However, the gamble may not pay off when board members are held accountable too, or if customers and investors walk away. Additionally, the assumption that it will be a one-time event is both naïve and short-sighted.

The risk of a data breach increases daily and the time to act is now. The time for consumers and investors to hold the feet of executive teams and boards of directors to the fire is now.

Want to talk more about privacy, communications and board governance? Connect with us.

Intel, Heather-Anne MacLean

Intel’s Security Flaw Puts Spotlight on Security by Design

Well, 2018 is starting off with a significant cybersecurity and privacy hit. Intel Corporation confirmed on Wednesday of this week that flaws in the Intel processor could leave computers – around the world – vulnerable. Because Intel is the largest chipmaker in the world, computers – and not just PCs – are now exposed, and this quite frankly puts a spotlight on security by design.

Security by design is something that consumers should be concerned about. We should demand it, actually. But what is security by design? Using a simple definition from TechTarget, it is “an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.” Privacy by design should be included alongside security by design and, given the previous definition, it should be pretty easy to figure out.

Security and privacy by design are two minimum standards that consumers should be asking about, confirming that they are being fully implemented by the companies from whom they purchase products. After all, once a consumer is compromised, the level of damage can range from embarrassing to fully destroying one’s life. For example, it could be someone getting access to your social media, taking it over and posting pornography. Or, it could be someone getting access to all your credit card information and then using the information to spoof you and to get many more credit cards in your name, thus ruining your credit and leaving you with thousands or tens of thousands of dollars of debt. It can also mean someone getting access to all your personal information, including all your health records, and, in addition to getting credit cards in your name, posting all your medical history online and on your own social media for the whole world to see.

Security and privacy by design are not new. People have been talking about these principles for years, but the kicker is that there is no legislated requirement to ensure that companies adopt these principles and build them into their standards and operations.

This Intel discovery should really be a warning and wake-up call globally. With Artificial Intelligence (AI) and the Internet of Things (IoT) becoming more and more entrenched in our daily lives, security by design and privacy by design must become the standard and be baked in at the start of the design process rather than just emerging after an “oops” discovery.

For those who don’t think that IoT is in their lives, think again. Do you have a mobile phone? How about a computer at home? Did you get a fancy new fridge for Christmas that can tell you when you are running low on milk? Or, how about the latest craze in home assistants such as Alexa or Google Home – perhaps this was a new addition to your life? If you said yes to any of these, then you should definitely care about security by design and privacy by design.

So, once you have updated your computers with the patches sent out from your computer provider, let’s use the Intel incident to collectively start asking, no, demanding, that all software and hardware providers implement – immediately – security and privacy by design principles, protocols and standards! If consumers stand up for their rights and only support companies that adopt security and privacy by design, this will cause all companies to follow suit. Better yet, let’s legislate it and have severe penalties in place for those who don’t comply.

Want to learn more about how security and privacy by design impact your marketing and communications? Connect with us.