Governments around the world continue to enact new data privacy legislation to protect the privacy of their citizens’ personal information. Unfortunately, all this legislation doesn’t reduce people’s privacy risks, nor does it reduce the risk of data breaches and cyberattacks. While data privacy legislation is a good first step, businesses need to take further steps to protect their customers’ data.
Understanding the Current State of Data Privacy Legislation
While the U.S. does not have a national data privacy law, several individual states do. Most are structured like the California Consumer Privacy Act (CCPA), which gives consumers the right to opt out of data collection and imposes hefty fines both for noncompliance and when a business’s data is breached.
Outside the U.S., the General Data Protection Regulation (GDPR) offers similar consumer protections and even heftier fines for any company doing business with European Union citizens. In addition, China just enacted its Personal Information Protection Law (PIPL), which offers GDPR-like consumer protections to Chinese citizens.
The Problems with Current Data Privacy Legislation
While all of these laws are well-intentioned, they do little to actually protect consumer information from misuse or theft. Although these regulations dictate severe penalties if an organization’s data is breached, they don’t specify what types of protections businesses should deploy. As such, organizations can skate by with minimal cybersecurity – at least until they’re attacked.
In addition, while local data privacy laws apply to any company doing business with citizens in that state or country, it’s difficult to enforce those laws for websites and apps based outside that area’s jurisdiction. Piecemeal local laws do not have the same regulating effect as would more global regulations.
Of particular concern are foreign entities that engage in aggressive data collection and dissemination. This unregulated data collection poses a significant risk not only to individual data privacy but also to national security.
Perhaps the most significant threat to data privacy, however, isn’t a website owner collecting user data. It lies in the third-party code used by many websites to perform ancillary activities. These plug-ins – for advertisements, payment transactions, content recommendation, and similar functions – typically collect customer data on their own, outside the normal operations of the host website. Even worse, these plug-ins are capable of delivering malicious content directly to a website’s customers.
What You Can Do to Reduce Your Risk
Given these ongoing threats to consumer data privacy – and the concurrent threats to your business – what can your organization do? Here are some suggestions on how to reduce the data privacy risks in your company.
Understand and Comply with Data Privacy Regulations
The first thing you have to do is fully comply with all applicable data privacy regulations. If you have customers in California, you have to comply with the CCPA. If you have customers in Europe, GDPR compliance is essential. You have to comply with all the regulations in those areas in which you do business.
This may not be as easy as it might first appear. Currently, only 11.8% of UK websites meet the minimum requirements for GDPR compliance. You have to research and fully understand all the detailed requirements, and then adapt your website and operations to comply.
Limit Use of Third-Party Plug-Ins
Many websites today rely on plug-ins and services from third parties. Given the privacy risk posed by these third-party add-ons, you should reconsider which services you really need and where you obtain them. Search out plug-ins and services from third parties that comply with the same regulatory requirements that apply to your business.
Employ Robust Cybersecurity
It’s imperative that you protect all the data in your possession, especially customer data that, if breached, could subject your company to significant regulatory fines and, perhaps, legal action. Meeting all the other regulatory requirements could be moot if your systems are attacked and customer data is stolen. To completely protect your customers’ privacy, you need to conduct a thorough cyber risk assessment and employ the strongest available cybersecurity measures.
Encrypt All Data and Communications
When considering your firm’s cybersecurity, don’t neglect the security of company communications. Malicious actors can glean sensitive customer data by hijacking unprotected text, audio, and video communications. The best way to protect both data at rest and data in transit is with robust encryption – and, in the case of communications, end-to-end encryption. This ensures that even if communications are breached, malicious actors won’t be able to access the information contained within.
Let Wickr’s End-to-End Encryption Reduce Your Data Privacy Risks
To reduce the data privacy risk from unsecured communications, turn to the security experts at Wickr. Our secure communications and collaboration platform uses end-to-end encryption and other military-grade security to ensure that text, voice, and video communications cannot be hijacked. This ensures the security and privacy of all customer information – and reduces your organization’s data privacy risks.
Contact Wickr today to learn more about how secure communications can reduce your customers’ data privacy risks.