Has the EU given data power (back) to the people?
This blog is about data protection, how the laws are used against us and how the new broom will try and take miscreants to the cleaners.
It has always miffed me when the Data Protection Act was used against me, especially when I know it was designed for me… to actually protect me. And you, of course. I’m referring to the times when, with no malice in mind, I have been refused access to bank accounts, utility bill payments and more with the comment “It’s against our data protection policy to” help you.
I know that some of the people that have told me this were on a work avoidance programme (known as WAP when I worked in corporates). Their colleagues confessed in the bar. I now know privacy “defence” is used against us when it suits the data controller.
That is thanks to this video, which shows how defences fold when a little “social engineering”, also known as lying, is used to break an individual’s defence down. The video shows how hackers (in 30 seconds) get access to personal or private information with a little trickery involving children, of all things. Thank God the children aren’t real. It left me wondering why I can’t access my information when others can.
Plan of the insurers
Perhaps this is why European legislation fines companies 4% of turnover (not profits) following avoidable breaches. Even more interesting are the requirements to notify interested parties of a breach within 4 days of it happening. Since the old act was introduced, times have moved on and technology has increased the speed of such change. Surprisingly enough, insurers do have a plan. Not the insurers you’ve heard of.
There is a new breed offering services as well as covering fines, legal costs and clean-up costs. Having said that, very few of our data breach enquiries end up with insurance policies being required. It’s usually education that reduces risk. If you think that’s what you need, get in touch to get a free trial (it’s on us). Because I have no doubt that we will adopt the EU data act, sooner or later. If we are not in Europe there will be greater scrutiny of weaknesses in the offerings of UK Plc.
It will become a business imperative to have the highest threshold of data security in the world. If the Panama Papers haven’t made people think carefully about what they have that’s important, private or confidential, nothing else will. Once the high-risk data has been secured in your version of Fort Knox, you can then secure the next level of lower-risk data and so on.
So you may as well start preparing now. Or you could wait for the authorities to point the finger and aim their inspectors at someone else. These issues are extremely rare. The new breed of data inspectors will be targeted to find breaches so they can fine people. Now that the £35 per year Data Protection Register annual charge is being scrapped, the DPA will only get paid if they manage to raise funds through fines.
Data breaches will be a lot easier to spot than health & safety breaches, so anticipate people with an axe to grind to start blowing the whistle. I also anticipate the forces that drove the compensation culture (whiplash, anyone?) will be a problem for those that don’t meet the regulations. I have no doubt that Data Protection inspectors will offer low-paid workers (like cleaners) fees for “introducing them” to parties that have weak security. It will cost them nothing, and they have a degree of protection from being disciplined when the whistle is blown, if it is for the “greater good”. If it were a Panama Papers employee that went rogue, I doubt they would suffer a severe penalty.
Wrap up: The people that were behind whiplash claims being made fraudulently or exaggerated have moved on. At the moment they are chasing ambulances (an American term) straight into the A&E departments. This is because it is easier to exaggerate or commence a fraudulent injury claim when there is no car involved. It’s only a matter of time before they move sideways into data.
As for the referendum, have a plan for staying and another for going. Keep both simple.