Breach and Loss Going Up. Next Stop, GDPR

posted in Disaster Recovery ● 26 Sep 2017

Data breaches and losses are regular headlines, and when they affect millions of individuals it isn’t hard to see why. Several high-profile organisations such as Equifax, Three and various local government organisations in the UK have all fallen victim to data breaches; so, are organisations prepared for the impending regulations that could see fines for a data breach grow to €20 million?

Global trends have shown that in 2017, the number of files lost or stolen in a data breach has risen to a level where, 9 months into the year, it outstrips the number from the year prior. A staggering 1.9 billion records have already been lost or stolen in 2017, equating to an astonishing average of 10.4 million records lost or stolen every day. It may not be so surprising to hear that 74% of data loss was directly attributed to cyber-criminals, with a further 8% being attributed to internal attacks. The data used for these findings considers breaches that have been reported, with North America leading the way by a distance. With the GDPR set to take effect in early 2018, this could all change.

 

Get your Equifa-cts straight

One of the most recent major data breaches is the Equifax breach, which is known to have affected over 140,000 users and businesses worldwide, including 400,000 in the UK. Equifax, which had published a white paper on data protection and best practice in the event of a data breach, spoke of informing data subjects of a breach within a few hours, yet waited several months to inform its own customers of its breach. The company’s internal processes have been heavily called into question, and early investigations have already revealed that data was being accessed and stolen by unauthorised persons for several months. Data regulatory authorities worldwide have committed to investigating why the breach was so large and why it took so long to be found; the ICO in the UK was quick to publicly offer Equifax advice on how to deal with affected UK consumers, and the FBI has reportedly begun its own enquiry.

How much worse could it get?

Breach data can only account for the breaches that are reported to regulatory authorities around the globe. This means smaller breaches are less likely to be reported and some organisations, however well known they are, may fly under the radar. However, with the introduction of GDPR in May 2018, all organisations that must comply have a duty to report a data breach within 72 hours of it occurring. There is likely to be a huge rise in the number of breaches reported from across Europe, and regulatory authorities such as the ICO in the UK are going to have their hands full. Further to this, cyber-crime is also on the up, and with criminals able to steal data and extort ransoms with relative ease it won’t be a surprise to see more and more headlines about data loss, theft and breach. There are also likely to be several headlines relating to the fines those organisations face afterwards.

Facebook fined

In the run-up to GDPR, regulatory authorities across all of Europe have been showing signs of strength, and companies, no matter how large, should know that they are serious. Tech giant Facebook has committed to becoming compliant, but that hasn’t stopped it from receiving fines from no fewer than 2 European regulators within a 6-month period. In May 2017, the company received a €150,000 fine from France’s data protection regulator for failing to prevent user data being freely accessed by unauthorised advertisers on its ad platform. Fast-forward to September and the company received a second fine, this time from Spanish authorities, of €1.2 million for failing to comply with data privacy regulations. In a statement, the authority also stated that “Facebook’s privacy policy contains generic and unclear terms… Facebook does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”

Compliance

Redstor is committed to ensuring data is protected throughout its lifecycle and to reducing the threat of data loss or breach. To help partners and customers comply with the upcoming regulation, Redstor has entered a strategic partnership with compliance specialists GDPR365.

GDPR365 is a collaboration and compliance management solution designed to give organisations the tools they need to accurately measure and improve levels of compliance.
