Presentation draft according to the paper


Running Head: PRIVACY AND CYBERSECURITY 1


PRIVACY AND CYBERSECURITY

For some time now, the discussion regarding the convergence between data privacy and cybersecurity has been raging on (Burn, 2018). New laws are being put in place to regulate the manner in which people’s private data is collected, used, disclosed and disposed of (Bhatia et al., 2016). On the other hand, cyber-attacks have spiralled exponentially, as have cases of data breaches and unauthorized access to and use of personal data. Persons and organizations need to understand their rights and obligations regarding such critical personal data as health and financial information, as well as other information that can be identified as critical. This area is now more critical than ever for business and almost every other sector in our dynamic world. That said, it is important to delve into this matter by reviewing the new data privacy laws and regulations, and cybersecurity and personal data protection best practices.

In simple terms, with the rise of large amounts of data and machine learning, the issues of privacy and cybersecurity are converging. What was some time ago an abstract concept aimed at ensuring that the expectations about our data were protected has now become a concrete and critical matter, to match the level of the threats posed by cybercriminals who would like to access our data without our authorization. More specifically, the biggest threat to our digital selves is unauthorized access to our personal information. In days gone by, privacy and security were largely separate functions that moved almost in parallel. Security took the front seat, thanks to the more tangible concerns about it, while privacy took a backseat. Nowadays, their lines have met, thanks to the extensive machine learning techniques that we have in place. Once data is generated, any person who comes into possession of it poses new dangers to not only our privacy but also our security.

With all this in mind, it is no surprise that the world has reacted in a bid to control this problem. New data regulations have been put in place to mitigate, as far as possible, the threats posed by data breaches and unauthorized access to personal data. An example of the recent data protection laws and regulations is the Global Data Protection Regulation (GDPR), which was enforced in May 2018 (Burn, 2018). The regulation brought with it far-reaching alterations in policies regarding privacy and data security in the European Union and ultimately in the whole world. This is because companies handling data of individuals residing within the EU have to align with the regulation on how that data is managed and/or shared. Among the far-reaching provisions that companies must comply with are the requirement for informed and explicit consent from the person for the collection of personal data, and the mechanisms that must be in place to allow such consent to be withdrawn. Individuals have the right to access all the data that is collected by a company, and also the right to have the data erased. If these provisions are breached, companies run the risk of being fined a penalty not less than €20 (Warren, 2018).

In the United States, the regulatory environment comprises a quite intricate patchwork of laws at the federal and state levels. These laws governing the privacy of personal data and cybersecurity continue to evolve in a bid to address increasing cases of data breaches and unauthorized access to and use of personal data. All the states have enacted laws that require companies to notify individuals in the case of a data breach. Failure to follow these regulations may draw both civil and criminal penalties for companies when there are security breaches involving personal data. There have been a number of lawsuits regarding this matter, most notably the Target and Equifax data breach litigations in 2013 and 2017 respectively. These lawsuits highlight the risks that companies face for either failing to have best practices or not following them when a cybersecurity attack occurs. These are not, however, the only risks that a company faces. For instance, Facebook lost around $199 billion in market capitalization in the wake of the Cambridge Analytica scandal, after concerns were raised regarding privacy. Recent trends have shown that consumers are becoming more and more conscious about the security of their private data, with governments coming up with security laws of their own. This means that companies that fail to follow the set regulations are going to face even harsher penalties than these in the future. Such are the repercussions that could befall any company for failure to conform to private data protection best practices (Burn, 2018).

That leads us to these best practices. What are they, and what do companies have to do with them? The answers to these questions are simple. Data protection best practices are procedures prescribed so that data protection systems are most effective. Companies ought not only to have them but also to follow them. The stakes are now higher than ever with regard to how data is collected, used, disclosed and disposed of. Given the regulatory framework nowadays, companies should expect to face escalating costs regarding their privacy and data security practices (Zoltick & Maisel, 2018).

Various resources are available to companies to offer guidance and assistance in dealing with privacy and data security practices. The resources also offer ways to ensure that these best practices are implemented and are in line with any pertinent laws and regulations. Both the EU and US federal agencies such as the Federal Trade Commission (FTC) have publicized guidelines and recommendations regarding privacy and data security best practices for various industries. These include best practices for industries in almost all fields. On top of that, some industries and groups of industries have adopted their own recommendations, guidelines and certification programs that they abide by voluntarily.

On top of these guidelines, it is advisable for companies to put in place internal policies that ensure compliance with the set laws and regulations. The business policies may need to include an information security and privacy policy for the top brass of the business management that expresses the company’s commitment, from the top, to abide by the data security and privacy policies. They may also include an acceptable use policy, monitoring of communications, reporting of any cases of breach, and outsourcing policies (Warren, 2018). Technical policies, on the other hand, may include commitment to various technical control procedures, such as data protection through encryption, password protection, disaster recovery, intrusion detection, upgrading of data systems and the like. Policies from the top management and the technical policies should not be treated as working in isolation. They should rather be treated as procedures that work hand in hand to achieve successful conformance with the underlying policies and regulations.

Companies that have public-facing websites have to conform to website privacy policies. In addition, companies ought to have a written incident response plan that will be put into effect in the event of a data breach (Warren, 2018). The plan should cover how the data breach activity is to be assessed and how it should be contained, and should provide the necessary guidelines on how the response team will interact with other parties, such as law enforcement officers who might require a data breach notification as per the data breach laws. Additionally, companies must consistently and regularly audit and maintain their certifications to make sure that they remain in line with the best practices and laws, which get updated every now and then. For instance, there are various privacy management software products and other compliance solutions that allow companies to audit their systems internally.

In a nutshell, companies are becoming more and more obligated to ensure that they conform to the data privacy and data security laws that are put in place. This costs companies a great deal of money. New threats are increasing by the day (Dua & Du, 2016). This means that businesses will have to spend a lot of money in this sector, since new measures will no doubt be put in place to mitigate the new threats. They therefore have to brace themselves for more measures and more spending to help mitigate this dynamic problem.

That said, we cannot overlook the need to include privacy and data security in the conversation regarding the utilization of new technology (Dua & Du, 2016). It is easier to speak about implementing new policies and best practices than to put them in place. It is a challenge for companies to evaluate and deploy new technologies that both hinder and help conformance to new privacy and data security regulations at the same time. Take, for instance, blockchain technology. It offers significant advantages regarding data security. It allows transactions to be recorded in a manner that is both decentralized and immutable, which is largely advantageous from the data security and privacy perspective. At the same time, the same technological principles may cause problems when conforming to new privacy regulations. Specifically, since the data in a fully distributed blockchain is immutable, it is a problem to erase it as per the right to be forgotten (Warren, 2018). Thankfully, a number of solutions have been proposed to provide means of increased control and management of information with blockchains. These include making transactions anonymous, secret contracts and anonymous voting systems, among others (Vakilinia et al., 2017). One of the technologies developing quite rapidly today is artificial intelligence (AI), which can be used in cybersecurity systems to create automated processes that allow identification of new threats and to come up with new technology controls and protection. However, hackers have come up with ways to weaponize this technology by creating systems that detect vulnerabilities in the behaviors of social networks (Warren, 2018). In fact, there may be privacy issues with AI applications, given the large amounts of data that are required when developing the model. The black box lacks the transparency to show what logic AI units use to reach a conclusion about a person.

Some companies are coming up with outward-looking tools and platforms that allow users to have control over the usage of their data. Most notable is Facebook, which has come up with a unified privacy dashboard as well as tools that will enable users to clear their history. These kinds of tools are invaluable and go a long way towards compliance with the necessary regulations (Zoltick & Maisel, 2018).

In conclusion, businesses need to recognize the new and changing international courses of action and security regulations as a prerequisite, now that there are imminent risks of penalties from lawsuits as well as the negative impacts that data breaches have on the business. Implementing a compliance program and putting the correct set of best practices into effect will go a long way in ensuring that the business mitigates these risks. Moreover, consistently continuing this as a process will enable the company to avoid problems when adopting new technologies and systems. This will make it possible to integrate newer technologies such as AI and blockchain, given that they on the one hand offer advantageous aids to security and privacy while on the other bringing to light new vulnerabilities. Therefore, companies will more often than not be best served by an approach that promotes privacy and data security compliance from the beginning, so that risks can be mitigated down the road.

References

Bhatia, J., Breaux, T. D., Friedberg, L., Hibshi, H., & Smullen, D. (2016, October). Privacy risk in cybersecurity data sharing. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 57-64). ACM.

Burn, A. (2018). Privacy and Cybersecurity are Converging: Here’s Why That Matters for People and for Companies. Harvard Business Review. Retrieved from https://hbr.org/2019/01/privacy-and-cybersecurity-are-converging-heres-why-that-matters-for-people-and-for-companies

Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. Auerbach Publications.

Harroch, R. (2018). Data Privacy and Cybersecurity Issues in Mergers and Acquisition. Forbes. Retrieved from https://www.forbes.com/sites/allbusiness/2018/11/11/data-privacy-cybersecurity-mergers-and-acquisitions/#460ee3a572ba

Mylrea, M. (2017). Smart energy-internet-of-things opportunities require smart treatment of legal, privacy and cybersecurity challenges. The Journal of World Energy Law & Business, 10(2), 147-158.

O'Brien, D., Budish, R., Faris, R., Gasser, U., & Lin, T. (2016). Privacy and Cybersecurity Research Briefing. Berkman Klein Center Research Publication, (2016-17).

Taeihagh, A., & Lim, H. S. M. (2019). Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 39(1), 103-128.

Vakilinia, I., Tosh, D. K., & Sengupta, S. (2017, July). Privacy-preserving cybersecurity information exchange mechanism. In 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS) (pp. 1-7). IEEE.

Warren, S. (2018). Data Privacy or Cybersecurity. Which is More Important. Security Privacy Bytes. Retrieved from https://www.securityprivacybytes.com/2018/10/data-privacy-or-cybersecurity-which-is-more-important/

Zoltick, M. & Maisel, B. (2018). Data Privacy and Cyber Security: The Importance of Proactive Approach. Financier World. Retrieved from https://www.financierworldwide.com/data-privacy-and-cyber-security-the-importance-of-a-proactive-approach#.XLHs3zBKi00.