WHITE PAPER
Dr. Ann Cavoukian, Privacy by Design Centre of Excellence, on leading with privacy by design
Data Security: Cost of Taking the Reactive Approach
CONTENTS
Introduction
Privacy, Dispelling the Myths
Privacy by Design, Game Changer
Reactive Approach, at What Cost?
Master GDPR, Reap the Rewards
Single Piece of Advice
About Echoworx
INTRODUCTION
Last year ended with some of the largest
data breaches in history. Yahoo, LinkedIn,
the DNC, to name a few. The message,
“you have to protect the data of your
customers, employees and business
partners,” is a message that’s increasingly
being heard. What most organizations are
struggling with is how.
“Protecting privacy while meeting the regulatory
requirements for data protection around the world is
becoming an increasingly challenging task. Taking a
comprehensive, properly implemented risk-based
approach—where globally defined risks are anticipated
and countermeasures are built into systems and
operations, by design—can be far more effective, and more
likely to respond to the broad range of requirements in
multiple jurisdictions.” – Dr. Ann Cavoukian
In an interview about the cost of taking a reactive
approach to privacy breaches, Ann discusses:
•	What privacy is and is not, dispelling the myths;
•	Privacy by design, the gold standard in data protection;
•	The benefits of taking the proactive approach to privacy
breaches.
Dr. Ann Cavoukian is recognized as one of the world’s
leading privacy experts. She is presently the Distinguished
Expert-in-Residence, leading the Privacy by Design Centre
of Excellence at Ryerson University. Dr. Cavoukian served an
unprecedented three terms as the Information & Privacy
Commissioner of Ontario, Canada. There she created
Privacy by Design. In 2010, International Privacy Regulators
unanimously passed a Resolution recognizing Privacy by Design
as an international standard. Dr. Cavoukian has received
numerous awards recognizing her leadership in privacy,
including being named as one of the Top 25 Women of
Influence in Canada, named among the Top 10 Women in
Data Security and Privacy, named as one of the ‘Power 50’
by Canadian Business, named as one of the Top 100 Leaders
in Identity, and most recently, Dr. Cavoukian was awarded
the Meritorious Service Medal for her outstanding work on
creating Privacy by Design and taking it global (May, 2017).
MAGEE: Hi. I’m Lorena Magee, VP of Marketing at Echoworx. I’m talking today about the essential need for both privacy
and security and the business advantages of a proactive model of prevention. It’s my pleasure to be speaking with Dr. Ann
Cavoukian.
Ann, as the creator of privacy by design, why do you think most people, largely, take privacy for granted? Is it legitimate to
believe that if you are a law-abiding citizen and have nothing to hide, privacy isn’t important?
CAVOUKIAN: Let me start by dispelling some of the myths. What is privacy and what is myth? Privacy is not about secrecy.
It’s not about having something to hide. I’m sure you’ve heard that expression, well if you have nothing to hide, you have
nothing to fear right? Wrong. It’s the exact opposite.
PRIVACY IS NOT ABOUT SECRECY
PRIVACY IS ALL ABOUT PERSONAL CONTROL
Sometimes, people may believe that as long as they’re law-abiding citizens, there’s nothing wrong with police spying on
them. But that’s not what freedom is about. Freedom is about you deciding what you want to do with your information, not
the government, not your mother, not your spouse, you. You make those decisions.
Privacy is all about personal control. For you as a user, it’s critical. It’s so important that you can exercise that freedom of
choice. The Germans have a wonderful term for this called informational self-determination. Big term, simple concept that
it should be the individual who determines the fate of his or her personal information. We largely take privacy for granted.
We take freedom for granted but once you start chipping away at this, it’s very difficult to get back.
MAGEE: Let’s turn to privacy by design. What is it and why do you feel it is so important?
CAVOUKIAN: Privacy by design is all about proactively protecting privacy by embedding the necessary protective
measures into technologies and business practices. It is an essential framework that complements regulatory compliance.
I first developed the framework for privacy by design in the late ’90s but it really took off after 9/11 because after 9/11, as you
can imagine, no one was interested in privacy. Everyone was focused on public safety and security. Unfortunately, what was
forgotten is that in order to have public safety and security, we need privacy. I wanted a system that would allow for both
security and privacy - that’s one of the cornerstones of privacy by design. In 2010, International Privacy Regulators
unanimously passed a Landmark Resolution recognizing Privacy by Design as an international standard.
PRIVACY, DISPELLING THE MYTHS
This proactive means of protection is very different from the conventional reactive
approach. But, in this day and age of ubiquitous computing, online connectivity, massive
social media and data collection, we are no longer able to protect privacy with a reactive
model alone.
MAGEE: What is the essence of the Privacy by Design model and how is this beneficial to
businesses?
CAVOUKIAN: There are two essentials to Privacy by Design. One is that it’s proactive and
prevents the harm from arising. The other is to abandon the idea of privacy versus security.
The power of both is enormous because it enables two positive gains. It’s not an either/or
proposition, which invariably involves unnecessary trade-offs and a false dichotomy. Not only
will such a model jeopardize our freedoms – it will also diminish our prosperity as a society
– diminishing innovation and creativity, leading to a lose/lose outcome.
You’ll be far better off doing privacy and security, privacy and data utility, privacy and
marketing. I always tell people privacy’s not anti-marketing, it’s pro-choice. You can do both
and you will gain significantly by doing that. Privacy by default is a game changer. It
basically says companies and governments aren’t going to do anything else with my
information other than what was intended. This is the opposite of what’s happening now.
PRIVACY BY DESIGN GOES WELL BEYOND ACCEPTED FAIR
INFORMATION PRACTICES AND PRIVACY STANDARDS,
VIRTUALLY ASSURING REGULATORY COMPLIANCE
— NO MATTER WHERE YOU OPERATE —
MAGEE: This is very interesting but seems like a theoretical concept. Academic construct
doesn’t usually work in real life, does it?
CAVOUKIAN: Let me assure you, when I was privacy commissioner, if it didn’t work on the
ground right then and there I had no use for it. This is real. Think of any major tech
company, any of the big ones, Microsoft, Intel, HP, Oracle, IBM, I could go on. We’ve
worked with all of them to develop specific papers showing how Privacy by Design can
effectively deal with all digital information being collected or transmitted by devices and
operations - that it is being transmitted securely and encrypted. We developed full
infrastructures - and they’ve been very successful.
PRIVACY BY DESIGN, A GAME CHANGER
The 7 Foundational Principles
•	Proactive not reactive
•	Lead with privacy as the default setting
•	Embed privacy into design
•	Retain full functionality
•	Ensure end-to-end security
•	Maintain visibility and transparency
•	Respect user privacy
REACTIVE APPROACH, AT WHAT COST?
MAGEE: What, according to you, are the flaws of the reactive
model in privacy breaches?
CAVOUKIAN: The flaw is that most privacy breaches remain
undetected – regulators only see the tip of the iceberg. The
majority of privacy breaches remain unchallenged,
unregulated ... unknown. Regulatory compliance after the fact
is no longer sustainable and yet it is still the model for
ensuring privacy.
We need to be proactive and need a security model of
prevention much like a medical model of prevention. Could
you imagine going to see your doctor and he says, “yeah it
looks like you got some cancer developing here. Let’s see if
it gets worse and if it does get worse we’ll offer you some
chemo.” It’s an unthinkable proposition. It should be equally
unthinkable that we allow security harms to develop and
then offer a system of redress after the fact.
MAGEE: What are the consequences of taking a reactive
approach to data breaches?
CAVOUKIAN: I am often asked, what is this going to cost
me? But the question should be, what is it going to save me?
It’s guaranteed that a dynamic, proactive approach is going to
save you not only a lot of money but also a lot of heartache.
Of course, there is some cost associated with being proactive but it is a fraction of the cost that you incur when you have
data breaches and privacy infractions, which I guarantee you will have. Ensuring privacy and security—through every phase
of the data lifecycle has become crucial to avoiding legal liability, maintaining regulatory compliance, protecting your brand,
and preserving customer confidence.
These days there are not just lawsuits that arrive, there are class action lawsuits that cost companies millions but far worse
may be the damage to your brand and the damage to your reputation, which may be irrefutable. The cost in terms of loss
of consumer confidence - loss of trust is huge. Think of Target whose gross expenses for the 2013 breach, so far, total over
$240 million. The costs are huge when you take a reactive approach.
Source: Deloitte Privacy by Design certification
MASTER GDPR, REAP THE REWARDS
MAGEE: As we all know, the EU passed the General Data Protection Regulation (GDPR), which comes into effect May
2018. It will be affecting businesses across the globe given that it is one overarching privacy law for all of the member
countries. How can Privacy by Design help?
	
CAVOUKIAN: For the first time ever, the language of Privacy/Data Protection by Design and Privacy as the Default actually
appears in the GDPR statute. It’s referenced heavily in Article 25, and in many other places in the new regulation. This
dramatically raises the bar on privacy and data protection.
Recently, Information Age magazine published an article about GDPR and they said it’s not too much of a stretch to say that
if you implement Privacy by Design, you’ve mastered the General Data Protection Regulation. The General Data
Protection Regulation (GDPR) comes into effect across Europe in May 2018. US and Canadian companies who think it
doesn’t affect them are in for a rude awakening - with fines of €20 million, or 4% of your global revenue, whichever is
higher!
STRONG SECURITY MEASURES ARE ESSENTIAL
FROM START TO FINISH
To meet the GDPR requirements, all businesses will have to implement Privacy by Design along with Privacy by Default
measures—strong security measures are essential, from start to finish.
GDPR specifically calls out encryption as a security requirement. It is important to mention how vitally important
encryption is. Moreover, companies that apply encryption to personal data will be exempt from the GDPR’s new mandatory
data breach notification provisions:
•	 The communication of a personal data breach to the data subject shall not be required if the controller
demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological
protection measures, and that those measures were applied to the data concerned by the personal data breach.
Such technological protection measures should render the data unintelligible to any person who is not authorised
to access it. [page 61]
There’s been a debate about encryption for years. In theory, the proposed backdoors would give law enforcement the
ability to access encrypted data. However, contrary to what the proponents of backdoors believe, the reality is very
different. What is obvious to all cryptographers and security experts is: you cannot build “backdoors” which only the
“good guys” can use. The “bad guys” will quickly discover them and gain entry. It will weaken online secure
communications dramatically.
A SINGLE PIECE OF ADVICE
MAGEE: That’s a great overview Ann. For a
final question, I want to ask if you can boil
this down to a single piece of advice. How
can organizations leverage privacy and the
GDPR to their benefit?
CAVOUKIAN: Focus on prevention.
Proactively embed privacy by default into
your operations, use encryption to protect
your data, and strengthen the protections
associated to personal data.
Privacy is good for business.
It may seem like a strange concept because
most businesses think privacy stifles
innovation and creativity. They couldn’t be
more wrong. Privacy should be viewed as
a business issue, not a compliance issue
because when you view it as a business
issue, you’re going to do a lot more than
just meet the letter of the law. Privacy
attracts customers, enhances trust,
and builds consumer confidence. If you
embed privacy by design and tell your
customers the high level respect you have
for their privacy, you will gain a competitive
business advantage.
Lead with Privacy by Design,
not privacy by chance
- or worse -
privacy by disaster!
ABOUT US	
Since 2000, Echoworx has been bringing simplicity and flexibility to encryption. Headquartered in North America and
with offices in the UK, our certified, redundant and replicated data centres are located in the US, UK, Mexico, and Canada.
Our passionate encryption experts transform chaos into order for world leading enterprises and OEM providers who
understand the requirement for secure communication is of the utmost importance. We are proud to have clients in 30
countries worldwide, with more than 5,000 enterprise-level deployments.
Encryption is an investment in brand, maximizing competitive advantage.
Echoworx’s flagship solution, OneWorld Enterprise Encryption, provides an adaptive, fully flexible approach to encryption
that ensures the privacy of sensitive messages. Enterprises investing in Echoworx’s OneWorld platform are gaining an
adaptive, fully flexible approach to encryption, creating seamless customer experiences and in turn earning their loyalty
and trust.
Echoworx has been recognized as one of the 20 Most Promising Banking Technology Solutions Providers 2017
For more information www.echoworx.com
info@echoworx.com
North America 1 800.346.4193 | UK 44 0.800.368.5334 | Mexico 52 800.123.9553
@Echoworx

More Related Content

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code

Data Security: The Cost of Taking the Reactive Approach

  • 1. WHITE PAPER: Dr. Ann Cavoukian, Privacy by Design Centre of Excellence, on leading with privacy by design. Data Security: Cost of Taking the Reactive Approach
  • 2. Data Security: Cost of Taking the Reactive Approach. CONTENTS: Introduction; Privacy, Dispelling the Myths; Privacy by Design, Game Changer; Reactive Approach, at What Cost?; Master GDPR, Reap the Rewards; Single Piece of Advice; About Echoworx
  • 3. INTRODUCTION

    Last year ended with some of the largest data breaches in history. Yahoo, LinkedIn, the DNC, to name a few. The message, “you have to protect the data of your customers, employees and business partners,” is a message that’s increasingly being heard - what most organizations are struggling with is, how.

    “Protecting privacy while meeting the regulatory requirements for data protection around the world is becoming an increasingly challenging task. Taking a comprehensive, properly implemented risk-based approach—where globally defined risks are anticipated and countermeasures are built into systems and operations, by design—can be far more effective, and more likely to respond to the broad range of requirements in multiple jurisdictions.” – Dr. Ann Cavoukian

    In an interview about the cost of taking a reactive approach to privacy breaches, Ann discusses:

    • What privacy is and is not, dispelling the myths;
    • Privacy by design, the gold standard in data protection;
    • The benefits of taking the proactive approach to privacy breaches.

    Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. She is presently the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an international standard. Dr. Cavoukian has received numerous awards recognizing her leadership in privacy, including being named as one of the Top 25 Women of Influence in Canada, named among the Top 10 Women in Data Security and Privacy, named as one of the ‘Power 50’ by Canadian Business, named as one of the Top 100 Leaders in Identity, and most recently, Dr. Cavoukian was awarded the Meritorious Service Medal for her outstanding work on creating Privacy by Design and taking it global (May, 2017).
  • 4. PRIVACY, DISPELLING THE MYTHS

    MAGEE: Hi. I’m Lorena Magee, VP of Marketing at Echoworx. I’m talking today about the essential need for both privacy and security and the business advantages of a proactive model of prevention. It’s my pleasure to be speaking with Dr. Ann Cavoukian. Ann, as the creator of privacy by design, why do you think most people, largely, take privacy for granted? Is it legitimate to believe that if you are a law-abiding citizen and have nothing to hide, privacy isn’t important?

    CAVOUKIAN: Let me start by dispelling some of the myths. What is privacy and what is myth? Privacy is not about secrecy. It’s not about having something to hide. I’m sure you’ve heard that expression, well, if you have nothing to hide, you have nothing to fear, right? Wrong. It’s the exact opposite.

    PRIVACY IS NOT ABOUT SECRECY. PRIVACY IS ALL ABOUT PERSONAL CONTROL.

    Sometimes, people may believe that as long as they’re law-abiding citizens, there’s nothing wrong with police spying on them. But that’s not what freedom is about. Freedom is about you deciding what you want to do with your information, not the government, not your mother, not your spouse, you. You make those decisions. Privacy is all about personal control. For you as a user, it’s critical. It’s so important that you can exercise that freedom of choice. The Germans have a wonderful term for this called informational self-determination. Big term, simple concept that it should be the individual who determines the fate of his or her personal information. We largely take privacy for granted. We take freedom for granted but once you start chipping away at this, it’s very difficult to get back.

    MAGEE: Let’s turn to privacy by design. What is it and why do you feel it is so important?

    CAVOUKIAN: Privacy by design is all about proactively protecting privacy by embedding the necessary protective measures into technologies and business practices. It is an essential framework that complements regulatory compliance. I first developed the framework for privacy by design in the late ’90s but it really took off after 9/11 because after 9/11, as you can imagine, no one was interested in privacy. Everyone was focused on public safety and security. Unfortunately, what was forgotten is that in order to have public safety and security, we need privacy. I wanted a system that would allow for both security and privacy - that’s one of the cornerstones of privacy by design. In 2010, International Privacy Regulators unanimously passed a Landmark Resolution recognizing Privacy by Design as an international standard.
  • 5. PRIVACY BY DESIGN, A GAME CHANGER

    This proactive means of protection is very different from the conventional reactive approach. But, in this day and age of ubiquitous computing, online connectivity, massive social media and data collection, we are no longer able to protect privacy with a reactive model alone.

    MAGEE: What is the essence of the Privacy by Design model and how is this beneficial to businesses?

    CAVOUKIAN: There are two essentials to Privacy by Design. One is that it’s proactive and prevents the harm from arising. The other is to abandon the idea of privacy versus security. The power of both is enormous because it enables two positive gains. It’s not an either/or proposition, which invariably involves unnecessary trade-offs and false dichotomy. Not only will such a model jeopardize our freedoms – it will also diminish our prosperity as a society – diminishing innovation and creativity, leading to a lose/lose outcome. You’ll be far better off doing privacy and security, privacy and data utility, privacy and marketing. I always tell people privacy’s not anti-marketing, it’s pro-choice. You can do both and you will gain significantly by doing that. Privacy by default is a game changer. It basically says companies and governments aren’t going to do anything else with my information other than what was intended. This is the opposite of what’s happening now.

    PRIVACY BY DESIGN GOES WELL BEYOND ACCEPTED FAIR INFORMATION PRACTICES AND PRIVACY STANDARDS, VIRTUALLY ASSURING REGULATORY COMPLIANCE — NO MATTER WHERE YOU OPERATE —

    MAGEE: This is very interesting but seems like a theoretical concept. Academic construct doesn’t usually work in real life, does it?

    CAVOUKIAN: Let me assure you, when I was privacy commissioner, if it didn’t work on the ground right then and there I had no use for it. This is real. Think of any major tech company, any of the big ones, Microsoft, Intel, HP, Oracle, IBM, I could go on. We’ve worked with all of them to develop specific papers showing how Privacy by Design can effectively deal with all digital information being collected or transmitted by devices and operations - that it is being transmitted securely and encrypted. We developed full infrastructures - and they’ve been very successful.

    The 7 Foundational Principles

    1. Proactive not reactive
    2. Lead with privacy as the default setting
    3. Embed privacy into design
    4. Retain full functionality
    5. Ensure end-to-end security
    6. Maintain visibility and transparency
    7. Respect user privacy
  • 6. REACTIVE APPROACH, AT WHAT COST?

    MAGEE: What, according to you, are the flaws of the reactive model in privacy breaches?

    CAVOUKIAN: The flaw is that most privacy breaches remain undetected – regulators only see the tip of the iceberg. The majority of privacy breaches remain unchallenged, unregulated ... unknown. Regulatory compliance after the fact is no longer sustainable and yet it is still the model for ensuring privacy. We need to be proactive and need a security model of prevention much like a medical model of prevention. Could you imagine going to see your doctor and he says, “Yeah, it looks like you got some cancer developing here. Let’s see if it gets worse and if it does get worse we’ll offer you some chemo.” It’s an unthinkable proposition. It should be equally unthinkable that we allow security harms to develop and then offer a system of redress after the fact.

    MAGEE: What are the consequences of taking a reactive approach to data breaches?

    CAVOUKIAN: I am often asked, what is this going to cost me? But the question should be, what is it going to save me? It’s guaranteed that a dynamic, proactive approach is going to save you not only a lot of money but also a lot of heartache. Of course, there is some cost associated with being proactive but it is a fraction of the cost that you incur when you have data breaches and privacy infractions, which I guarantee you will have. Ensuring privacy and security through every phase of the data lifecycle has become crucial to avoiding legal liability, maintaining regulatory compliance, protecting your brand, and preserving customer confidence. These days there are not just lawsuits that arrive, there are class action lawsuits that cost companies millions but far worse may be the damage to your brand and the damage to your reputation, which may be irrefutable. The cost in terms of loss of consumer confidence - loss of trust is huge. Think of Target whose gross expenses for the 2013 breach, so far, total over $240 million. The costs are huge when you take a reactive approach.

    Source: Deloitte Privacy by Design certification
  • 7. MASTER GDPR, REAP THE REWARDS

    MAGEE: As we all know, the EU passed the General Data Protection Regulation (GDPR), which comes into effect May 2018. It will be affecting businesses across the globe given that it is one overarching privacy law for all of the member countries. How can Privacy by Design help?

    CAVOUKIAN: For the first time ever, the language of Privacy/Data Protection by Design and Privacy as the Default actually appears in the GDPR statute. It’s referenced heavily in Article 25, and in many other places in the new regulation. This dramatically raises the bar on privacy and data protection. Recently, Information Age magazine published an article about GDPR and they said it’s not too much of a stretch to say that if you implement Privacy by Design, you’ve mastered the General Data Protection Regulation. The General Data Protection Regulation (GDPR) comes into effect across Europe in May 2018. US and Canadian companies who think it doesn’t affect them are in for a rude awakening - with fines of €20 million, or 4% of your global revenue, whichever is higher!

    STRONG SECURITY MEASURES ARE ESSENTIAL FROM START TO FINISH

    To meet the GDPR requirements, all businesses will have to implement Privacy by Design along with Privacy by Default measures—strong security measures are essential, from start to finish. GDPR specifically calls out encryption as a security requirement. It is important to mention how vitally important encryption is. Moreover, companies that apply encryption to personal data will be exempt from the GDPR’s new mandatory data breach notification provisions:

    • The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the personal data breach. Such technological protection measures should render the data unintelligible to any person who is not authorised to access it. [page 61]

    There’s been a debate about encryption for years. In theory, the proposed backdoors would give law enforcement the ability to access encrypted data. However, contrary to what the proponents of backdoors believe, the reality is very different. What is obvious to all cryptographers and security experts is: you cannot build “backdoors” which only the “good guys” can use. The “bad guys” will quickly discover them and gain entry. It will weaken online secure communications dramatically.
  • 8. A SINGLE PIECE OF ADVICE

    MAGEE: That’s a great overview Ann. For a final question, I want to ask if you can boil this down to a single piece of advice. How can organizations leverage privacy and the GDPR to their benefit?

    CAVOUKIAN: Focus on prevention. Proactively embed privacy by default into your operations, use encryption to protect your data, and strengthen the protections associated to personal data. Privacy is good for business. It may seem like a strange concept because most businesses think privacy stifles innovation and creativity. They couldn’t be more wrong. Privacy should be viewed as a business issue, not a compliance issue because when you view it as a business issue, you’re going to do a lot more than just meet the letter of the law. Privacy attracts customers, enhances trust, and builds consumer confidence. If you embed privacy by design and tell your customers the high level respect you have for their privacy, you will gain a competitive business advantage. Lead with Privacy by Design, not privacy by chance - or worse - privacy by disaster!
  • 9. ABOUT US

    Since 2000, Echoworx has been bringing simplicity and flexibility to encryption. Headquartered in North America and with offices in the UK, our certified, redundant and replicated data centres are located in the US, UK, Mexico, and Canada. Our passionate encryption experts transform chaos into order for world leading enterprises and OEM providers who understand the requirement for secure communication is of the utmost importance. We are proud to have clients in 30 countries worldwide, with more than 5,000 enterprise-level deployments.

    Encryption is an investment in brand, maximizing competitive advantage. Echoworx’s flagship solution, OneWorld Enterprise Encryption, provides an adaptive, fully flexible approach to encryption that ensures the privacy of sensitive messages. Enterprises investing in Echoworx’s OneWorld platform are gaining an adaptive, fully flexible approach to encryption, creating seamless customer experiences and in turn earning their loyalty and trust.

    Echoworx has been recognized as one of the 20 Most Promising Banking Technology Solutions Providers 2017
  • 10. For more information: www.echoworx.com | info@echoworx.com | North America 1 800.346.4193 | UK 44 0.800.368.5334 | Mexico 52 800.123.9553 | @Echoworx