Tag: Brexit

EU-US Privacy Shield and the Future of Data Protection

The European Commission adopted the EU-US Privacy Shield on July 12, 2016 as a replacement for the Safe Harbor rules that were overturned by the European Court of Justice in October 2015. This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.

The new EU-US Privacy Shield is an example of stronger privacy and security frameworks that affect US and European businesses as they collect, manage and share personal data.  Ensuring the security of personal information, no matter its location, is no longer a technology issue.  This is a business and trade issue.  If I am a US company and want to do business online or in person with businesses and citizens of the EU, I must guarantee that sensitive personal data is always under my control and that only authorized people can access it.

It’s important to protect and control all traces of this information whether it’s inside or outside your organization. This includes information on mobile devices or in the cloud. The best way to achieve this is by protecting the information with strong encryption and applying persistent security policies that travel with the data. This ensures that only authorized people can access the information and use it.

One additional wrinkle in this situation is the recent Brexit vote in the UK.  If the UK moves forward with untangling itself from the EU, how will this new framework affect companies in London and the rest of England?  Will the UK abide by these rules?  Will the US, UK and EU need another framework to address privacy and security issues?

Some UK citizens and businesses are already talking about moving to other countries as a result of the Brexit vote. This could exacerbate the movement of sensitive data as employees leave organizations and go to competitors or businesses move their own stores of sensitive data. In both cases there is the possibility of data breaches and legal problems.

In the recent Ponemon study “Risky Business: How Company Insiders Put High Value Information at Risk”, 56 percent of respondents say they do not educate their employees on the protection of files containing confidential information and 72 percent are not confident they can manage and control employee access to confidential files. How will businesses protect sensitive personal data that moves between countries and businesses, if they can’t even control employee access?

If organizations train employees on how to handle sensitive data and implement persistent file-based encryption techniques to protect this data, they can ensure that hackers and malicious insiders will not be able to bypass traditional security measures and access confidential information. I assume that when I share personal or sensitive information with a company, they will protect it so that only authorized people can access it. If a company can guarantee that my information is safe, I will do business with them. If not, I will go elsewhere. This is the new business reality today.

Brexit May Cause Inadvertent Data Breaches

With the British decision to leave the European Union, there may be a trend of corporate headquarters leaving the UK to remain under the EU. This may trigger inadvertent data breaches as those organizations choosing to move could see an increase in employee exits that may bring security and privacy implications. I have read recent reports of increases in visa applications and emigration requests as many people are seriously thinking of going to Canada, Australia and other countries as a result of the potential consequences of the vote.

Employees, no matter their position within the organization, have access to sensitive systems and files.  If you are in customer service or sales, you have access to customer information and sensitive information on your products or services.  If you are in HR or Finance, you probably have access to personal information on your employees, business partners and customers.

Anytime an employee leaves an organization, there should be certain security protocols in place to ensure all access to sensitive systems has been removed and that confidential documents are not available and copied for future use. According to the recent Ponemon survey “Risky Business: How Company Insiders Put High Value Information at Risk”, 47 percent of respondents say recently hired employees bring confidential documents from former employers that are competitors. This is a little disturbing, since taking confidential documents from one employer to another can be a violation of privacy and data breach laws, not to mention ruining a company’s brand and business.

The EU has numerous data protection laws that cover the storage and movement of personal information. Under the Data Protection Directive, personal data can only be gathered legally under strict conditions, for a legitimate purpose. If you collect and manage personal information, you must protect it from misuse and must respect certain rights of the data owners. What is the effect if the company is no longer subject to EU laws? What if an employee exiting a company in another European country moves to a company in the UK or vice versa?

A company needs to always control access to its sensitive data and ensure only authorized people can access it.  When the employee leaves, that person should not leave with sensitive company data.  If they do, the documents should be inaccessible.  If the employee tries to open them and use the information at another job, they should see random characters, not useful data.  By encrypting all sensitive files and assigning persistent security policies to them, companies choosing to stay in the UK or leave can guarantee they will not experience a data breach and lose valuable information.

This is something organizations should be vigilant about in the coming months following the Brexit announcement.

 

Photo credit Christopher Michel
