The ‘interconnected network’ has been a legitimate information ‘superhighway’ for over a decade now. As important a tool the internet, or World Wide Web is for the fabric of society, to call it by its many names, it is also replete with risks and dangers that if left unchecked can spell disaster for all involved parties. To put this into perspective, we can think about the typical highway and jungle analogies. Highways in real life can be dangerous, just like the internet itself. The volume of traffic, dynamic events, and uncontrolled transmissions apply to both a highway and the internet itself. On a highway, accidents can take place, traffic can slow down flow and construction can cause chaos. By comparison, the internet is also filled with cyber-incidents, malware, slowdowns, and unexpected events. Secondly, let’s add the jungle analogy. The jungle analogy is also self-explanatory, where we can contrast the hidden dangers and vastness as well as unpredictability of a jungle to the internet itself. It is a fact that the internet is home to false identities, predators, bullies, surveillance and data collection, annoying ads, and malicious cybercrime. Not so long ago, what was once a research hub exclusive to a handful of researchers is today accessible to over 4 billion people across the globe.
Protecting your data security and privacy today is by default something that you should be doing, either to protect yourself or your employees, whatever the case may be. Yes, we all thought the internet was a safe place or at least should be a safe place. However, let’s think about that for a second. Why do we have these expectations that the internet and actors, organizations, institutions involved have your best interests in mind? Well, it’s important to appreciate the following fact; the internet is not monitored thoroughly, nor is there a general authority that protects users from what can happen on the internet. What is more, data collection and advertising as well as government and organization surveillance has gone out of hand. For these exact reasons, although still not perfect, there are several data security and privacy frameworks in place to try to protect people and organizations from such issues. This is why it is important to look at what data security and privacy regulations are, and why we should be aware of them.
What are Data Security And Privacy Regulations?
The following list includes some of the higher-profile data security and privacy laws in place globally today, which by no means includes the vast amount of all laws and regulations in place today;
- FTC Act
In this list, there are data protection and privacy laws (as well as electronic document-related laws.) Some of these laws have local influence, while others have international weight (in terms of compliance and regulatory criteria for businesses), such as the CCPA and GDPR – the EU’s data privacy and data security regulation. Furthermore, there are privacy acts, personal information protection laws, and more. All of these regulations and laws differ in where they originate from, what they cover, and who they affect. For instance, the GDPR originates from the EU, Brazil (LGPD), CCPA (California, U.S.), APPI (Japan), APPs (Australia), PIPEDA (Canada), and so forth. HIPAA and COPPA, for example, are laws that apply to data protection in the medical industry and the protection of children online, respectively.
Among the above, the GDPR is thought to be the most stringent and requires the toughest compliance standards from organizations. The official GDPR website even states that “The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.”
How do Data Security and Privacy Regulations Affect Business?
Today, practically every country has some sort of data protection and privacy framework instituted. This is required to regulate how information is collected, set a cybersecurity framework as well as our relationship with the data collection. Failure to comply with regulations today can lead to very hefty fines, legal issues, and business shutdown. The GDPR, for instance, is the single most important regulation enacted to this day. If we are to break down what the GDPR does and requires, it is the following; manages user consent, requiring data breach notification, and managing data and privacy rights. Regulations also differ greatly between countries. For instance, the regulations employed in the U.S. are quite different from those in the EU because of two differences; there is no nation-level regulation and each state decides for itself. The notion of ‘personal information’ such as an IP address is understood differently in the U.S.
Why is it Important to Protect Your Data Security And Privacy?
Back in the late 1980s, the general consensus was one of sheer excitement and giddiness when the internet was mentioned -a brand new tool with very promising future applications. Of course, no one knew just how instrumental the internet would be for society just a decade or two later. Let’s try to answer this question; When exactly did the internet become ‘unsafe’? The answer is twofold. Firstly, we can say that the internet became unsafe as soon as the first ‘worms’ (viruses) were created by the hackers of yesteryear, baffling network technicians at the time. One of these early worms was the notorious Morris worm. Secondly, as soon as the internet became public and started growing past the ability to be monitored or controlled, it became unsafe. Some scientists and intellectuals at the time forecasted that, if the internet continued its exponential growth, eventually the open, fast and multifaceted nature of one of society’s greatest and most powerful tools would become unhinged and we would not be able to affect it. As David D. Clark of MIT put it, at the time researchers thought risky people would not be interested in the internet and could be excluded.
The internet today is as unsafe as ever because it has grown so much and the myriad technologies, billions of websites, and billions of users sharing almost infinite amounts of data every day. Another issue is that we as a society have not ironed out a lot of simple kinks, nor are we focused on being cyber aware as much as we should (although thankfully this has finally begun to change.) Thanks to this, there have been several surveillance scandals affecting global privacy as well as rampant cybercrime that causes trillions of dollars of annual losses. The public consensus today regarding trust towards the internet does not have a very bright outlook, and for good reason, as we have seen above.
Today, due to the sensitive nature of trust, data collection, and privacy it is usually recommended that any website should approach users carefully, and offer privacy policies on how information is collected, and request consent. Although not every website provides the user with information on how data is processed by third parties or which cookies are used exactly, this will probably develop in the future and improve. Yes, such stringent regulations and legislation measures may throw a cog in the wheel of innovation. Also, sticking to these regulations means incurring heavy financial costs, as well as other costs like resources such as time invested and the need for employing developers and data privacy officers. Alas, regulation of data security and privacy is the future and here to stay and ultimately it will lower cybersecurity incidents like data breaches as well as contribute to streamlining the digital economy. To use another analogy just like the TSA airport security checkpoints at airports (as tedious as they are), more layers of security can only be a good thing.
Follow LiveWin for more!