Looking at news articles nowadays, it is not surprising anymore when you find an article about a recent data breach. Data-driven businesses are a great source for hackers. In only the first 6 months of 2018, there were 945 breaches, which affected 4.5 billion records (Ross 2018).
However, the amount of breaches does not always indicate the scope of the problem. For example, in Europe there was a decline of 36 percent in the amount of breaches. Nevertheless, there was still a rise of 28 percent in the number of records that were breached. This shows the increased severity of breaches (Ross 2018).
Social media is the biggest industry that is threatened with breaches, as it is attractive to hackers due to the significant amount of users on the platforms. For example, Facebook suffered from a security hack last month. This breach affected approximately 30 million people (Kastrenakes 2018). Personal information such as your name, contact details, gender, religion, education, work, current city etc. were obtained. The amount of personal information that was taken, depends on what a user chose to show on their public ‘’view as’’ profile. (Olson 2018).
Furthermore, the severity of the breach could also depend on what kind of information is taken. For example, a Dutch insurance company, Achmea, was victim of a data breach last August. Information of ten thousand people were obtained. This included very personal and sensitive information, such as people’s name, social security number, home address and payment amounts (NU 2018a).
The problem goes beyond companies. According to research of the Data Protection Authority, the Dutch taxation authorities do not adhere to the law regarding data security (Kleinnijenhuis 2018). The Dutch taxation authorities do not record when and which employees search for personal information. They state that it is ‘technically impossible’ to secure personal data. Consequently, they cannot guarantee that privacy sensitive personal data will become accessible to outsiders and the central database with information of all citizens is unsecure (Kleinnijenhuis 2018; NU 2018b).
In my opinion, governments and companies are still not doing enough to prevent these breaches. The Facebook example is one of many, where companies state they do everything to protect your data, users can shield their profile, but a wide range of information can apparently still be obtained. Moreover, the explanation ‘technically impossible’ is far from sufficient coming from a national authority.
What do you think about this and what should companies and the government do in your opinion?
Sources:
https://www.nu.nl/internet/5511557/gegevens-van-zon-tienduizend-verzekerden-achmea-uitgelekt.html
https://www.information-age.com/data-breaches-compromised-4-5-billion-records-123475313/
https://www.theverge.com/2018/10/12/17968562/facebook-hack-how-to-tell-if-data-stolen
http://digg.com/2018/facebook-hack-30-million-users-contact-info-2fa
Hi Jisna,
Very interesting post! I myself am very interested about the privacy part that comes with the digitalization of our community.
Like you mentioned, data breaches are a large problem and while its scope decreases it, the severity is actually increasing. Too often do we hear of new data breaches there days. With upcoming technologies, like advanced implementation of Internet of Things (IoT), this problem will probably only increase. The thing is that a lot of firms and institutions are already implementing their own Privacy Policy, often with a data breach policy. It seems that by including such a policy, they already expect that there is a potential chance that their system can be breached.
Should they not actively invest in this area to ensure that their data protection is up-2-date, to decrease the chance of a breach? I agree that that this problem cannot be solved by only the firm and that there should be more cooperation
between the government and firms and perhaps even international institutions, like the Data Protection Directive introduced by the EU.
However, apparently a large institution, the Dutch taxation authorities, state they find it technically impossible to secure personal data, as they cannot guarantee that this data will become accessible to outsiders.
The question that rises is: “Are they taking the extra steps needed, to ensure the safety of this data?” Weber (2010) states that safety can be ensured by continuously intercepting data, control the access of every incoming foreign activity and act on this.
What are your further thought about this? Can firms handle these breached individually or should there be a global cooperation between the aforementioned entities?