The world is having trouble agreeing on what exactly is at threat yet still move forward making policies with the understanding that the current digital business environment cannot continue unchecked. How are they able to move forward when so many questions like “what is personal data”, “what constitutes a threat” or “risk”, “privacy” and “who is responsible for a data breach”, are so vaguely defined?
The European Union (EU) set in place strict privacy legislation, The General Data Protection Regulation, in May of 2018. Many EU businesses still do not fully comprehend what is expected of them, only truly learning by going through the unfortunate process of being hacked. It has been interesting to see the business culture change to where businesses have begun policing one another. If one business isn’t compliant, or actively pursuing it, why would a business that is want to align themselves with them? There is no guarantee that a commercial transaction with another business won’t get you in trouble down the road, by no fault of your own, so best to not.
The EU isn’t the only stretch of nations creating policies and legislation, and the regional differences are not the main issues stalling universal verbiage. Industry, government and citizens are in constant disagreement on what exactly constitutes “personal data” and what does not. Even the term “data” is far too broad to have a good understanding of the many areas of data that are, to date, not clearly defined enough to allow for the same rules to apply to them all.
By 2020, an estimated 50 billion devices will be connected wirelessly around the globe and the majority of data will be collected passively, through machine-to-machine transactions. Information created by an individual person actively entering it will decline but the data created will increase. Reviewing this data could potentially find trends that marketing companies will use to strengthen their brands but more maliciously, this data will be valued by the black market even more.
This is a brief introduction to the growing issues of data security around the world, with EU, USA, Canada, and other capitally-developed nations creating data compliance legislation, can they come to terms with universal definitions of “data”, “personal information” and “risk”, ultimately creating a global framework by which all businesses can adhere to?
We will delve deeper into the process in Part 2 – Defining Data!