As some of you may know, this Monday is Data Privacy (or Data Protection) Day. Its main objective is to raise awareness and promote privacy and data protection best practices. It’s no surprise that this initiative was launched and supported by the European Union, the same institution that brought us the well-known GDPR.
Data Protection refers to two really interesting concepts that I’ve been following for a couple of years now: data and security. An expert might say that one cannot go without the other: it would be insane to store data without security, and having security without anything to protect would simply make no sense at all. As I come across many people in many different organisations or companies, I can see that both topics are shaping and challenging the corporate world and future. And I’ve been working on different projects addressing one or the other.
Protection or security initiatives can take many forms. From Security Awareness (feel free to discuss it with the brilliant Leila Taghizadeh, Security Awareness Lead at Euroclear, who’s dealing with that every day) to strengthening the IAM processes, many initiatives have been launched. I have been following several discussions about the pros and cons of going into the cloud or about the risks of keeping a one-factor authentication. Moreover, there is no way that I can enter a financial institution without my ID and the approval of the person I am going to meet (and don’t get me started on Euroclear’s visitors’ badges!).
On the other hand, data projects skyrocketed as well. From the emergence of new jobs like data engineers or scientists to the rise of machine learning or AI, I am simply amazed by what can be done today. Communities all around the globe work on data sets to get the best out of them and Python holds one of the best open-source communities in the world. Not to be outdone, the corporate world hires some of the greatest minds to tackle complex challenges. Just to think that a single Hadoop disk cluster can store more than 100 petabytes of data is crazy (1), and I cannot wait to see what the future holds in store for us.
But this matter should not be considered without risk. Google’s CEO, Eric Schmidt, stated that every two days, we now create as much information as we did from the dawn of civilisation up until 2003 (2). Every day, Facebook processes more than 500 terabytes of data (1). Many articles were written about Google’s or Facebook’s security or about their latest leaks but I won’t get into that. I believe that people and public institutions now understand how serious this is. And Mark Zuckerberg’s last hearing at the European Parliament quite confirms this belief (3).
The famous GDPR that I mentioned above came to address this major issue. Many projects were (and some still are) undertaken to be compliant with the law (reminder: the deadline was last May 25th), and I had the chance to take part in some of them. All sectors were impacted: banking and insurance, obviously, but also energy, transport, public, telco, pharmaceuticals, etc. Data protection is real, and it affects everybody.
To go back to some discussions I had with CISOs, security managers or auditors, they all pointed out two main facts:
- Security is always seen as a financial hole until it’s too late
- Most leaks come from stupid and easily avoided human mistakes
Each and every one of you, reading this article, is responsible for your data. We may attempt to introduce new laws or regulations, we may have multi-factor authentication with 30-second tokens, we may give tons of training, but it’s no use if you leave relevant data on your desk or your password on a post-it.
Don’t leave your password on a post-it. Take ownership of the privacy of your data and that of your company. Let’s give Data Privacy Day the spotlight it deserves.