Eliminating The Data Ownership Argument In The Event Of A Breach

Data Breach

Google has introduced its new privacy policy despite warnings from the EU that it might violate European law. The change means private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger.

Google has merged 60 guidelines for its individual sites into a single policy for all of its services. France’s privacy watchdog CNIL wrote to Google earlier this week, urging a “pause” in rolling out the revised policy. “The CNIL and EU data authorities are deeply concerned about the combination of personal data across services,” the regulator wrote.

Google’s business model – the selling of ads targeted on individual user behaviour – relies on collecting browsing information from its visitors. Until today, this information was kept apart between services. Users can see which Google services hold data about them by viewing their dashboard.

Big Brother Watch has argued that not enough has been done to ensure people are fully aware of the alterations. The group’s director Nick Pickles said: “If people don’t understand what is happening to their personal information, how can they make an informed choice about using a service? Google is putting advertisers’ interests before user privacy and should not be rushing ahead before the public understand what the changes will mean.”

In the wake of Google changing its privacy settings, organisations need to ensure that their own data security is robust as employees continue to work across corporate and personal boundaries. Organisations that collect personal and sensitive data need to have a tough security encryption in place to demonstrate clear responsibility and ownership for that data to the governing bodies.

As individuals increasingly co-operate across corporate and personal boundaries on a regular basis, it is becoming increasingly difficult to manage data ownership. Organisations need to demonstrate a commitment to minimising the risk of data exposure through employing an effective data encryption solution. This will assist in reducing the risk of expensive fines and, critically, safeguard both customer and employee data at all times.

Addressing data loss can become difficult to manage in any situation where multiple individuals from diverse organisations are collaborating on a single project. Organisations working together must ensure partners are complying with required regulations or security standards.

Given the risks associated with data breach, the compromise of sensitive information and the challenges associated with managing data ownership, organisations need to put in place robust policies that reflect this highly integrated business environment.

In addition, organisations need to ensure that every member of staff understands the implications of data ownership – especially relating to customer data and the rights the organisation has to use and share that data. Furthermore, organisations need to facilitate compliance by enforcing these policies with adequate penalties for data misuse whilst also facilitating effective yet secure data usage.

With the right security solutions the argument about data ownership becomes irrelevant in the event of a breach, because the data cannot be compromised. Encryption demonstrates to regulatory bodies and auditors that the company has taken reasonable steps to safeguard information, while also providing customers and business partners with confidence in the quality and security of operations. By leveraging the latest generation of disk encryption technologies, organisations can eliminate the data ownership argument in the event of a data breach and remove the risk of compromise.

Garry McCracken has more than 25 years of experience in data communications and information security. He has been responsible for the development of WinMagic's full-disk encryption solutions for desktops, laptops, and PDAs. Prior to working at WinMagic, McCracken was vice President at Kasten Chase, a publicly traded technology company, where he played a key role in assuring the company's compliance with strict security standards imposed by the Canadian and International Industrial Security Directorate. Garry holds an Honours, Co-op, Bachelor of Mathematics degree in Computer Science from the University of Waterloo. He furthered his education by successfully completing CATA's Certified Advanced Technology Manager program, writing the BS 7799-2 Information Security Management System Auditor exam, and obtaining the Certified Information Systems Security Professional (CISSP) designation from (ISC)2.

  • sabrina D

    Databreaches are one of the dangerous among this cyber security. this should be reduced .