Published in Risk & Compliance Magazine: https://riskandcompliancemagazine.com/privacy-and-cyber-security-immediate-convergence-is-a-necessity
I don’t know if you are aware, but our entire online activity is being recorded and is subject to scrutiny, often without our knowledge or consent. Some would argue that this is an infringement of privacy, and it should not be taken lightly: our personal data, such as email addresses, passwords, social security numbers, credit card information, birth dates and more, is not at all safe once it gets online. Each of us can quickly become an identity theft victim, as billions of people are affected by data breaches every day.
One recent and most concerning data breach is the leak of over one million North American students’ personal information in the breach of the online learning platform OneClass. In this case, a 27 GB OneClass database was left unprotected for a while, exposing full names, email addresses, phone numbers, schools/universities attended, school enrolment information, and payment details. Much of this data belonged to minors, which makes matters even more concerning and raises the question of how our personal data gets handled once it gets online.
Examples like this and several others below only prove that our privacy and online (or cyber) security are under an immediate threat. Here we’ll discuss how privacy and cybersecurity, two significant domains critical for any company or individual, need to converge and become an inseparable entity that will take a more assertive approach towards keeping data safe and secure.
With many everyday objects in our daily lives connected over the Internet, we are left with many vulnerabilities and different exposure points. Our reliance on the Internet is so strong that we are not aware of the risks we take when we relay critical information online – we readily transfer bank data, medical information, and various other sensitive data.
To get a sense of the amount of data we are talking about: 1.7 MB of data is created by every human on earth every second, equal to close to 2.5 quintillion (2.5×10^18) bytes (or 59 zettabytes) of data produced every day (Source: Statista). It is a lot of data, and it is so tempting for data miners and hackers with malicious intent that we are seeing data breach scandals occur daily.
After the enormous scandal with Facebook and Cambridge Analytica, where personal data was collected without users’ consent, we continuously witness data breach scandals affecting millions of people. This news is often not as scandalous as one may expect, simply because data breaches are becoming an everyday occurrence.
The 2020 Marriott data breach, added to the data breach of 2018, has exposed over 505 million people’s personal data. Not to mention the Canva data breach in May 2019, where the personal data of over 137 million users became the target of hacks.
Many more similar hack attacks and data thefts leave billions of users’ info vulnerable. It proves that even though we can take every precaution as users, our data is no longer safe. It comes down to the way companies take care of protecting personal and sensitive data. The security of digital data is often neglected, which is why we are in this situation in the first place. It is becoming challenging to protect against such invasions simply because of the weak or non-existent data encryption and insufficient security measures companies have in place. On a personal level, we could perhaps take better care and provide our personal data only on trusted sites; even this is not enough. We can limit our online activity, produce less data, and leave less of a digital footprint, but it is nearly impossible to use technology and not leave a digital trace. The thing we used to know as privacy seems to have died long ago. Maybe you disagree with me, but bear with me for a second. We publish personal information about ourselves on social media and many other online places so freely and readily that this data no longer remains private.
When you enter your data into a company website to get access to their services, this data comes under the guardianship of the legal department, whose job is to protect it in case of a legal issue. But this data is also a target for hackers and data miners, so it is also the IT department’s job to keep it safe from theft. How seriously do these departments take their responsibility?
Cybersecurity becomes a necessity for us to be able to keep a semblance of privacy. The changes in privacy laws in many countries and regions, like the EU, also point to the need for increased cybersecurity and keeping private data private. Some companies have taken privacy more seriously and promised to incorporate better privacy-securing measures.
That is why we trust the social media platforms and other sites to respect our “right to be left alone” and protect the personal data we cannot stop generating. However, as experience has shown, this trust is often misplaced, as it becomes nearly impossible for the various platforms and companies to keep our data private and secure. This is mainly because companies often take a loose approach towards securing seemingly innocuous data.
Who is responsible for protecting private data? At most companies, privacy is managed by the Chief Privacy Officer or the legal department, and IT Security Officers manage cybersecurity. While this was a good concept that worked well until a while ago, technological changes have brought forth the necessity for these two to converge into a single entity.
This convergence needs to happen soon by opening new departments equipped to deal with all the facets that involve protecting users’ private data. The first step towards this is to get a real insight into the severity of the problem – the vast amount of data is prone to breaches, and frequently it is subject to human rights violations.
A significant ramp-up of companies’ security measures is necessary; cybersecurity needs to be the companies’ primary focus now. It means limiting the data miners’ and hackers’ options to access the sensitive and innocuous data by adding several protection layers.
A type of protection that needs to be taken more seriously is the implementation of encryption: advanced encryption protocols can add double or even triple layers of security measures. The complex advancements in technology, the increased number of interconnected devices, and the sophistication of the threats will continue to pose severe risks to our privacy. It is crucial, now more than ever, to protect against unauthorized access to private data.
The sooner companies understand and implement this, the better for everyone. It is not a concept anymore; it has become clear that cybersecurity is a grave necessity for protecting privacy. If the convergence of privacy protection and cybersecurity is not understood, we will face a surge of significant problems for both companies and users. However, we can do something about it: by converging privacy and cybersecurity, we can ensure that data miners and hackers get fewer chances to harm personal data and breach privacy. Without proper cybersecurity measures, once Pandora’s Box gets opened, only hope will remain that our privacy will stay secure.