Breach accountability: Who’s responsible for data protection?

Last updated: 25 June 2016


In 2004, PCI DSS revolutionized data privacy for the payment space, setting the bar for the compliance measures that followed, including HITECH and regional data privacy regulations such as GDPR.

What these mandates have illustrated to us, in the years since, is that no matter how stringent the regulations, and no matter how much they evolve, there will always be gaps, and savvy fraudsters will find a way. But that is no reason to give up.

The evolution of data protection regulations

We have been tracking breaches since 2013 in the Breach Level Index. During this time we have noticed several trends. For starters, the industries impacted have changed: retail dropped from #2 in 2013 to #5 in 2015, with government taking the unfortunate top billing.

We have seen the number of records stolen decrease but the number of breaches skyrocket. This type of analysis and validation depends heavily on breach notification laws, such as those that exist in the US, which have done wonders in keeping consumers and the market informed of the breach epidemic.

But in a society that wants to balance consumer data protection with national security, mandating stricter identity and data privacy regulations becomes a challenge. It will be interesting to see how national and regional privacy regulations evolve in the next few years.

Data protection responsibilities

There is no doubt that consumers must be protected, and industry or government driven regulations will play a critical role. Previous regulations have proven effective—when enforceable. We are at the tipping-point; with more businesses moving towards, and more consumers using, cloud-based applications, platforms, and infrastructures, the vulnerabilities will only continue to grow by great magnitudes if we sit idle.

In order to secure the breach, we all need to take action.

  • Regulators need to continue to proactively issue new legislation that keeps up with the threat landscape
  • Businesses need to proactively balance cutting edge cloud offerings with security in order to stay competitive
  • Consumers need to proactively take advantage of network security, multi-factor authentication, fraud management, and the other identity and data protection offerings available to them.

Eliminate the “Not my problem” mentality

There is no one magic bullet; no one vendor that solves world hunger.

That is why it is imperative for businesses to look for vendors that provide interoperability, working with a multitude of technology vendors across your infrastructure (Big Data, cloud-based services, storage environments, networks, SaaS apps, Internet of Things deployments, and so on). This lets you protect your IT environment, on-premises or virtual, while streamlining administration and ultimately saving time and costs that can be used elsewhere to empower your business.

We cannot afford to turn a blind eye, and then point fingers when we see a hacker has transferred money from our bank account, made other fraudulent transactions, or when a data breach for our company makes headlines.

We are all accountable and need to get smarter when it comes to protection.

We as consumers, business professionals, and officials, need to take action.
