The importance of data protection in business – Knowledge is power
By Beth McGuinness, Data and Analytics lead at IQbusiness
The old adage that “knowledge is power” remains as relevant today as ever. This is the very premise on which knowledge giant, Google, has made its impact on our modern world – and indeed its fortune too. But what happens if the information used to enable that knowledge is at risk? Companies need to recognise the value of their data and take steps to protect it if they are to thrive in the knowledge economy.
If knowledge is power, then data is the key to unlocking that power
The sheer volume of data that is processed daily is growing exponentially. Big data stats for 2020 estimate that every person generates 1.7 megabytes in just one second, while Google gets over 3.5 billion searches daily! At an organisational level, 97% of organisations are investing in big data and AI. Having access to accurate data changes how companies make business decisions, which technologies and products they use, how they interact with their customers, and how their partner ecosystems are built.
The need for data security
Data is a valuable business asset, but when this asset lands in the wrong hands, the results can be devastating. This was witnessed recently in a security breach at credit reporting agency, Experian. While it is reported that the threat was contained for the most part, the South African public and business sector were shaken, and confidence was lost as many realised how vulnerable our personal information still is.
Protection of personal information
While the protection of information is everyone’s responsibility, it is the duty of those entrusted with access to sensitive personal information to be scrupulous about keeping it secure. In South Africa, up until very recently, there was no legal obligation on the part of an organisation to inform its members or customers that their personal information had been compromised when it experienced a data breach.
The recent commencement of most provisions of the Protection of Personal Information Act, 4 of 2013 (POPI), as signed into law in South Africa on 1 July 2020, has done much to change that. From now on, responsible parties are required to take steps to secure the integrity and confidentiality of personal information in their possession. They need to take measures to prevent the loss of, damage to, or unauthorised destruction of personal information. They also need to prevent unlawful access to, or processing of, personal information. They must identify reasonably foreseeable risks to personal information; implement safeguards to reduce these risks; and ensure that the safeguards are effective and continuously updated in response to new risks. This applies to all personal information that companies are collecting, whether it’s related to customers, staff or suppliers.
According to the new legislation, responsible parties have a 12-month grace period in which to comply. After that, failure to protect personal data or to notify any affected parties of data breaches constitutes a violation of the POPI Act and may result in a hefty fine, imprisonment, or both. Damages may also be awarded against the responsible party, whether the breach was notified or not.
The importance of ethical practice
After their data breach, the Experian brand will take some time to recover from the public’s perception of their negligence. For this reason, it’s crucial for organisations to ensure a faultless approach to data protection. With stringent security measures in place and demonstrable ethics to support them, companies will establish and reinforce public trust in their brand. The more this is realised and felt throughout the organisation, the greater the levels of consumer and investor loyalty will be. As well as this, if a data breach does happen, and an organisation has a clearly outlined code of ethics associated with data protection, that organisation will not be subject to penalties, fines, or civil suits.
The role of cybersecurity
Security technology is a critical part of IT infrastructure required to defend against the rapidly evolving threat to data protection. Gone are the days of simple firewalls and antivirus software being the length and breadth of a company’s security measures. Virtual servers automatically generate system backups and recovery in the event of suspicious activity or lost and stolen devices containing crucial information. In fact, with virtual servers, sensitive data no longer needs to be stored on company or personal devices at all as it’s maintained securely in a centralised server. In addition, virtual server hosting solutions allow businesses to scale up or down, as required. Any new users can be allocated access to specific information only, ensuring that sensitive company data remains ring-fenced.
In conclusion, individuals and businesses need to take responsibility for the security of both their own personal data and that of their customers. The consequences of negligence are costly and long lasting – both to your bank balance and your brand reputation.