Protecting data privacy

John Yang, Vice President at Progress Asia Pacific and Japan

In this Internet age our personal data is stored on multiple servers, and is constantly being shifted around across platforms. Many of us do not realise how our data is being handled, and whether our personal information is stored securely. What can be done to ensure large organisations don’t mishandle our confidential information?

Why is data protection such a big issue?

Over the last few years, we have heard of many scandals where big corporations have lost or leaked their customers’ personal information. These incidents have raised awareness on the need to secure and protect personal data and the situation is gradually improving, at least in some parts of the world.

For example, thanks to GDPR, companies in the EU must handle personal information properly or face large fines, but in the USA there is no such protection. In 2020, Singapore updated its Personal Data Protection Act (PDPA) to allow local businesses to use certain consumer data without consent, while also detailing classes of personal data that should be protected.

Singapore’s Central Depository Board was fined in 2020 for failing to put reasonable security arrangements in place to prevent the unauthorised disclosure of individuals’ personal data.

How are companies handling personal information?

 As companies grow, so does the risk of them mishandling personal data. Every employee has access to some registers with personal information, and they regularly need to send documents containing such data to their co-workers. That makes it almost impossible for a firm to fully control how all the data is handled.

Most employees use clouds, shared documents, and e-mail to send various files within the company. The problem is that most IT department staff would never recommend using such services for sensitive data. Previous experience of data leakage suggests that this approach is not secure enough.

Businesses struggle to find safe file sharing solutions, as it is expensive to develop and switch to more secure systems.  

How can customers prevent mishandling of personal data?

Customers should always give as little information about themselves as possible. Companies are always trying to get more information from their customers than they actually need.

If a data breach exposing customers’ information occurs, companies must alert affected customers and keep them updated about the situation. They should be provided with the right support in securing confidential data, such as advice on changing passwords.  

Businesses need to have security protocols in place which can help them protect data. Gartner has predicted that 60 percent of large organisations will have a full-time position dedicated to security awareness by 2022.This will help to keep the IT team updated with the latest threats and advice on the most secure data management options.

How can companies protect personal data?

Data should also be kept separately on business and private accounts. When companies have their own functional IT system with multi-factor authorisation to send files or any other preferred solution, personal data will be under greater control. Gartner highlighted that many employees may experience higher stress levels and distractions while working remotely, and therefore might not be as vigilant as they should be about security. Businesses should regularly remind employees of the importance of securing confidential data, and clearly communicate who to contact and what to do when they suspect a cyberattack.

To ensure better security, IT teams can restrict employees’ access to personal data on office networks. This lowers risk as employees are not accessing data which they do not need to work with. By doing so, IT teams can have more power and flexibility and can react faster if a breach happens. Secure file transfer solutions are available to help consolidate all file transfer activities into a single system, allowing management control over the entire business and all the processes.

Such solutions should ensure that you can secure access control with Multi-Factor Authentication (MFA), securely share folders for simplified collaboration, and importantly achieve compliance with data privacy laws and regulations like the GDPR, HIPAA, and PCI. 

Threats to our privacy and security are ever-evolving and cyber attackers are constantly inventing new ways to retrieve confidential data from their victims. The bottom line is that privacy should be embedded into every process, procedure and system which handles data.