Why Data Protection Is More Than Compliance: The Strategic Importance of Privacy by Design for National and Business Resilience
 |
Written By: Katja Rothsten Data Protection Specialist at Privaon |
In Ireland, data brokers from the marketing and advertising industries have made personal data revealing movement patterns of tens of thousands of smartphones available. From this accessible data, it is possible to identify specific individuals and their movements. Among the locations tracked by the smartphones are among others Leinster House (Irish parliament), military bases, high-security prisons, and health clinics. These findings were uncovered during an investigation by the Irish RTE’s undercover Prime Time.
In Sweden, a system supplier was recently targeted in a cyber-attack, resulting in personal data of 1,5 million people (10 % of the entire population) being published in the Darknet. Persons who have been affected are employees or former employees of many municipalities and companies who use the system, some persons with protected identities. Among the affected persons are also employees at Swedish aviation and defence industry closely related to Swedish defence forces. The data that the attacker has accessed and published in the Darknet consists of names, personal identity numbers, addresses, contact details, and rehabilitation related information.
What do these two cases have in common? In both cases, an excessive amount of personal data, including very sensitive data was revealed. The severity of both cases is increased due the data is publicly available. Anyone can potentially have access to this personal data, which is related to persons who are representatives of the public sector or companies working closely with these.
The risks are profound. Not only can these persons suffer from serious physical, mental or economic harm but those persons in possession of sensitive information about national security-sensitive operations can be approached by foreign intelligence services and become new targets of recruitment for these. Persons with a refugee status can be controlled by authorities of their countries of origin.
From a national security perspective, protecting personal data safeguards the fundamental rights and freedoms of residents in a country, and defends the integrity of democratic institutions, securing the democratic decision-making processes and the sovereignty of a country.
The aftermath of these kinds of incidents takes a much longer time to handle than when they still have some news value. The personal data won’t just disappear once it has been made accessible. This is why it is crucial to recognise the protection of personal data not only as a fundamental right but as a part of national security. Data protection needs to be seen as a fundamental part of cybersecurity, and organisations need to ensure e.g. that Privacy by Design is integrated in all systems and digital operations. This is every organisation’s responsibility.
We support companies worldwide in safeguarding their data and ensuring compliance is integrated into their core business functions. Get in touch today and discover how Privaon takes the guesswork out of EU data compliance and evolving data demands.