Breach and Loss Going Up. Next Stop, GDPR

Tue, 26/09/2017 - 08:48
Disaster Recovery, Data Protection

Data breaches and losses are regular headlines, and when they affect millions of individuals it isn’t hard to see why. Several high-profile organisations such as Equifax, Three and various local government organisations in the UK have all fallen victim to data breaches; so, are organisations prepared for the impending regulations that could see fines for a data breach grow to €20 million?

Global trends show that in 2017 the number of files lost or stolen in data breaches has risen to a level where, 9 months into the year, it already outstrips the total for the whole of the previous year. A staggering 1.9 billion records have already been lost or stolen in 2017, equating to an astonishing average of 10.4 million records lost or stolen every day. It may not be so surprising to hear that 74% of data loss was directly attributed to cyber-criminals, with a further 8% attributed to internal attacks. These findings only consider breaches that have been reported, with North America leading the way by a distance. With the GDPR set to take effect in early 2018, this could all change.


Get your Equifa-cts straight

One of the most recent major data breaches is the Equifax breach, which is known to have affected over 140,000 users and businesses worldwide, including 400,000 in the UK. Equifax, which had published a white paper on data protection and best practice in the event of a data breach, spoke of informing data subjects of a breach within a few hours, yet waited several months to inform its own customers of this breach. The company’s internal processes have been heavily called into question, and early investigations have already revealed that data was being accessed and stolen by unauthorised persons for several months. Data regulatory authorities worldwide have committed to investigating why the breach was so large and why it took so long to be found; the ICO in the UK was quick to publicly offer Equifax advice on how to deal with the UK consumers affected, and the FBI has reportedly begun its own enquiry.


How much worse could it get?

Breach data can only account for the breaches that are reported to regulatory authorities around the globe. This means smaller breaches are less likely to be reported, and some organisations, however well-known they are, may fly under the radar. However, with the introduction of GDPR in May 2018, all organisations that must comply have a duty to report a data breach within 72 hours of it occurring. There is likely to be a huge rise in the number of breaches reported from across Europe, and regulatory authorities such as the ICO in the UK are going to have their hands full. Further to this, cyber-crime is also on the rise, and with criminals able to steal data and extort ransoms with relative ease it won’t be a surprise to see more and more headlines about data loss, theft and breach. There are also likely to be several headlines relating to the fines those organisations face afterwards.

Facebook fined

In the run-up to GDPR, regulatory authorities across Europe have been showing signs of strength, and companies, no matter how large, should know that they are serious. Tech giant Facebook has committed to becoming compliant, but that hasn’t stopped it from receiving fines from no fewer than 2 European regulators within a 6-month period. In May 2017, the company received a €150,000 fine from France’s data protection regulator for failing to prevent user data being freely accessed by unauthorised advertisers on its ad platform. Fast-forward to September and the company received a second fine, this time from the Spanish authorities, of €1.2 million for failing to comply with data privacy regulations. In a statement, the authority also said that “Facebook’s privacy policy contains generic and unclear terms… Facebook does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”


Compliance

Redstor is committed to ensuring data is protected throughout its lifecycle and to reducing the threat of data loss or breach. To help partners and customers comply with the upcoming regulation, Redstor has entered a strategic partnership with compliance specialists GDPR365.

GDPR365 is a collaboration and compliance management solution designed to give organisations the tools they need to accurately measure and improve levels of compliance.
