The European Commission adopted the EU-US Privacy Shield on July 12, 2016 as a replacement for the Safe Harbor rules that were overturned by the European Court of Justice in October 2015. This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.
The new EU-US Privacy Shield is an example of stronger privacy and security frameworks that affect US and European businesses as they collect, manage and share personal data. Ensuring the security of personal information, no matter its location, is no longer a technology issue. This is a business and trade issue. If I am a US company and want to do business online or in person with businesses and citizens of the EU, I must guarantee that sensitive personal data is always under my control and that only authorized people can access it.
It’s important to protect and control all traces of this information whether it’s inside or outside your organization. This includes being on mobile devices or in the cloud. The best way to achieve this is by protecting the information with strong encryption and applying persistent security policies that travel with the data. This ensures that only authorized people can access the information and use it.
One additional wrinkle in this situation is the recent Brexit vote in the UK. If the UK moves forward with untangling itself from the EU, how will this new framework affect companies in London and the rest of England? Will the UK abide by these rules? Will the US, UK and EU need another framework to address privacy and security issues?
Some UK citizens and businesses are already talking about moving to other countries as a result of the Brexit vote. This could exacerbate the movement of sensitive data as employees leaves organizations and go to competitors or businesses move their own stores of sensitive data. In both cases there is the possibility of data breaches and legal problems.
In the recent Ponemon study “Risky Business: How Company Insiders Put High Value Information at Risk” 56 percent of respondents say they do not educate their employees on the protection of files containing confidential information and 72 percent are not confident they can manage and control employee access to confidential files. How will businesses protect sensitive personal data that moves between countries and businesses, if they can’t even control employee access?
If organizations train employees on how to handle sensitive data and implement persistent file-based encryption techniques to protect this data, they can ensure that hackers and malicious insiders will not be able to bypass traditional security measures and access confidential information I assume that when I share personal or sensitive information with a company, they will protect it so that only authorized people can access it. If a company can guarantee that my information is safe, I will do business with them. If not, I will go elsewhere. This is the new business reality today.