Running Head: PRIVACY AND CYBERSECURITY
PRIVACY AND CYBERSECURITY
Name
Institution
For some time now, the discussion regarding the convergence between data privacy and cybersecurity has been raging on (Burn, 2018). New laws have been put in place in a bid to regulate the manner in which people’s private data is collected, used, disclosed and disposed of (Bhatia et al., 2016). On the other hand, cyber-attacks have spiraled exponentially, as have cases of data breaches and unauthorized access to and use of personal data. There is a need for persons and organizations to understand their rights and obligations regarding such critical personal data as health, financial and other information that can be identified as critical. This is one area that is now more than ever critical for business and almost every other sector in our dynamic world. That said, it is important to delve into this matter by reviewing the new data privacy laws and regulations, and cybersecurity and personal data protection best practices.
In simple terms, with the rise of large amounts of data and machine learning, the issues of privacy and cybersecurity are converging. What was some time ago an abstract concept aimed at ensuring that the expectations of our data were protected has now become a concrete and critical matter, to match the level of the threats posed by cybercriminals who would like to access our data without our authorization. More specifically, the biggest threat to our digital selves is the threat of unauthorized access to our personal information. In days gone by, privacy and security were perhaps largely separate functions that seemed to move almost in parallel. Security took the front seat, thanks to the more tangible concerns about it, while privacy took a backseat. Nowadays, their lines have met thanks to the extensive machine learning techniques that we have in place. Once data is generated, any person who comes into possession of it poses new dangers to not only our privacy but also our security.
With all this in mind, it is perhaps obvious that the world has reacted in a bid to control this problem. Accordingly, new data regulations have been put in place to try as much as possible to mitigate the threats posed by data breaches and unauthorized access to personal data. An example of the recent data protection laws and regulations put in place is the Global Data Protection Regulation (GDPR), which was enforced in May 2018 (Burn, 2018). The regulation brought with it far-reaching alterations in policies regarding privacy and data security in the European Union and ultimately in the whole world. This is because companies handling data of individuals residing within the EU have to align with the regulation on how that data is managed and/or shared. Among the far-reaching provisions that companies must comply with is the requirement for informed and explicit consent from the person for the collection of personal data, together with mechanisms that allow for withdrawal of such consent. Individuals have the right to access all the data collected by a company and also a right to have the data erased. If these provisions are breached, companies run the risk of being fined a penalty not less than €20 (Warren, 2018).
In the United States, the regulatory environment comprises a rather intricate makeshift system of laws at the federal and state levels. These laws governing the privacy of personal data and cyber security continue to evolve in a bid to address increasing cases of data breaches and unauthorized access to and use of personal data. All the states have enacted laws that require companies to notify individuals in the case of a data breach. Failure by companies to follow these regulations may draw both civil and criminal penalties in case there are security breaches involving personal data. There have been a number of lawsuits regarding this matter, most notably the Target and Equifax data breach litigations in 2013 and 2017 respectively. These lawsuits highlight the risks that companies face for either failing to have best practices in place or not following them when a cyber security attack occurs. These are not, however, the only risks that a company faces. For instance, Facebook lost around $199 billion in market capitalization in the wake of the Cambridge Analytica scandal after concerns were raised regarding privacy. Recent trends have shown that consumers are becoming more and more conscious about the security of their private data, with governments coming up with security laws of their own. This means that companies that fail to follow the set regulations are going to face even harsher penalties than these in the future. Such are the repercussions that could befall any company for failure to conform to private data protection best practices (Burn, 2018).
That leads us to these best practices. What are they and what do companies have to do with them? The answers to these questions are simple. Data protection best practices are procedures that are prescribed so that data protection systems are most effective. Companies ought not only to have them but also to follow them. Stakes are now higher than ever with regard to how data is collected, used, disclosed and disposed of. Given the regulatory framework nowadays, companies should expect to face escalating costs regarding their privacy and data security practices (Zoltick & Maisel, 2018).
Various resources are available to companies to offer guidance and assistance in dealing with privacy and data security practices. The resources also offer ways to ensure that these best practices are implemented and are in line with any pertinent laws and regulations. Both the EU and US federal agencies such as the Federal Trade Commission (FTC) have publicized guidelines and recommendations regarding privacy and data security best practices for various industries. These include best practices for industries in almost all fields. On top of that, some industries and groups of industries have adopted their own recommendations, guidelines and certification programs that they abide by voluntarily.
On top of these guidelines, it is advisable for companies to put in place internal policies that ensure compliance with the set laws and regulations. The business policies may need to include an information security and privacy policy for the top brass of the business management that expresses the company’s commitment to abide by the data security and privacy policies from the top. They may also include an acceptable use policy, monitoring of communications, reporting of any cases of breach, and outsourcing policies (Warren, 2018). On the other hand, technical policies may include commitment to various procedures of technical control, such as data protection through methods like encryption, password protection, disaster recovery, intrusion detection, upgrading of data systems and the like. Policies from the top management and the technical policies should not be treated as if they work in isolation. They should rather be treated as procedures that work hand in hand to achieve successful conformance to the underlying policies and regulations.
Companies that have public-facing websites have to conform to the website privacy policies. In addition to this, companies ought to have a written incident response plan that will be put into effect in the event of a data breach (Warren, 2018). This should cover how the data breach activity is to be assessed, how it should be contained, and the necessary guidelines on how the response team will interact with other parties, such as law enforcement officers who might require a data breach notification as per the data breach laws. Additionally, companies must consistently and regularly audit and maintain their certifications to make sure that they remain in line with the best practices and laws, which get updated every now and then. For instance, various privacy management software and other compliance solutions can allow companies to audit their systems internally.
In a nutshell, companies are becoming more and more obligated to ensure that they conform to the data privacy and data security laws that are put in place. This costs companies a great deal of money. New threats are increasing by the day (Dua & Du, 2016). This means that businesses will have to spend a lot of money in this sector, since new measures will no doubt be put in place to mitigate the new threats. They therefore have to brace themselves for more measures and more spending to help mitigate this dynamic problem.
That said, we cannot overlook the need to include privacy and data security in the conversation regarding the utilization of new technology (Dua & Du, 2016). It is easier to speak about implementation of new policies and best practices than to put them in place. It comes as a challenge to companies to evaluate and deploy new technologies that both hinder and help conformance to new privacy and data security regulations at the same time. Take, for instance, blockchain technology. It offers significant advantages regarding data security. It allows for recording of transactions in a manner that is both decentralized and immutable, which is largely advantageous from the data security and privacy perspective. At the same time, the same technological principles may cause difficulties in conforming to new privacy regulations. Specifically, since the data in a fully distributed blockchain is immutable, it is a problem to erase it as per the right to be forgotten (Warren, 2018). Thankfully, a number of solutions have been proposed to provide means of increased control and management of information with blockchains. These include making transactions anonymous, secret contracts, and anonymous voting systems, among others (Vakilinia et al., 2017).
One of the technologies developing quite rapidly today is artificial intelligence (AI), which can be used in cyber security systems to automate processes that allow identification of new threats and to come up with new technology controls and protection. However, hackers have come up with ways to weaponize this technology by creating systems that detect vulnerabilities regarding behaviors of social networks (Warren, 2018). In fact, there may be privacy issues with AI applications given the large amounts of data required when developing the model. The black box lacks transparency to show what logic is used by AI units to reach a conclusion about a person.
Some companies are coming up with outward-looking tools and platforms that allow users to have control over usage of their data. Most notable is Facebook, which has come up with a unified privacy dashboard as well as tools that will enable users to clear history. These kinds of tools are invaluable and go a long way toward compliance with the necessary regulations (Zoltick & Maisel, 2018).
In conclusion, there is a need for businesses to recognize the new and changing international course of action and security regulations as a prerequisite, now that there are imminent risks regarding penalties from lawsuits as well as the negative impacts that data breaches have on the business. Implementation of a compliance program, as well as putting into effect the correct set of best practices, will indeed go a long way in ensuring that the business mitigates these risks. Moreover, consistent continuation of this as a process will enable the company to avoid problems when adopting new technologies and systems. This will make it possible to integrate newer technologies such as AI and blockchain, given that on one hand they offer advantageous aids to security and privacy while on the other they bring to light new vulnerabilities. Therefore, companies will more often than not be well served by an approach that promotes privacy and data security compliance from the beginning so that risks can be mitigated down the road.
References
Bhatia, J., Breaux, T. D., Friedberg, L., Hibshi, H., & Smullen, D. (2016, October). Privacy risk in cybersecurity data sharing. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 57-64). ACM.
Burn, A. (2018). Privacy and Cybersecurity are Converging: Here’s Why That Matters for People and for Companies. Harvard Business Review. Retrieved from https://hbr.org/2019/01/privacy-and-cybersecurity-are-converging-heres-why-that-matters-for-people-and-for-companies
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. Auerbach Publications.
Harroch, R. (2018). Data Privacy and Cybersecurity Issues in Mergers and Acquisition. Forbes. Retrieved from https://www.forbes.com/sites/allbusiness/2018/11/11/data-privacy-cybersecurity-mergers-and-acquisitions/#460ee3a572ba
Mylrea, M. (2017). Smart energy-internet-of-things opportunities require smart treatment of legal, privacy and cybersecurity challenges. The Journal of World Energy Law & Business, 10(2), 147-158.
O'Brien, D., Budish, R., Faris, R., Gasser, U., & Lin, T. (2016). Privacy and Cybersecurity Research Briefing. Berkman Klein Center Research Publication, (2016-17).
Taeihagh, A., & Lim, H. S. M. (2019). Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 39(1), 103-128.
Vakilinia, I., Tosh, D. K., & Sengupta, S. (2017, July). Privacy-preserving cybersecurity information exchange mechanism. In 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS) (pp. 1-7). IEEE.
Warren, S. (2018). Data Privacy or Cybersecurity. Which is More Important. Security Privacy Bytes. Retrieved from https://www.securityprivacybytes.com/2018/10/data-privacy-or-cybersecurity-which-is-more-important/
Zoltick, M. & Maisel, B. (2018). Data Privacy and Cyber Security: The Importance of Proactive Approach. Financier World. Retrieved from https://www.financierworldwide.com/data-privacy-and-cyber-security-the-importance-of-a-proactive-approach#.XLHs3zBKi00.