Last week the Information Comissioner’s Office (ICO) in the UK issued Facebook with a fine of £500 000 after it failed to safeguard the information of its users, breaching the Data Protection Act of 1998.
If you happen to be a business owner that handles customer data you are likely worried about how regulations such as the General Data Protection Regulations (GDPR) in the UK and South Africa’s Protection of Personal Information Act (POPIA) will affect your company.
In a bid to find out more about how ICO’s ruling affects local business, we spoke to Juan Furmie, COO and Co-Founder at ThisIsMe.
ThisIsMe specialises in identity verification and know your customer (KYC) solutions for business. For individuals ThisIsMe offers identity theft insurance, credit monitoring and identity alerts.
“The introduction and implementation of new regulations such as GDPR and POPIA is definitely a step in the right direction. Although the fines facing Facebook are pretty irrelevant in a financial sense, they are a necessary market signal to all organisations, big and small, that data privacy is a real issue and needs to be taken seriously,” says Furmie.
It sounds simple enough but running a business is tough, and it’s easy to get caught up in the day to day operations while forgetting about data security.
That having been said, telling a judge you were too busy worrying about accounts to concern yourself with cybersecurity, is not something that would avoid a fine.
Prevention is better than cure
Surprisingly the first bit of advice Furmie gives us about mitigating the risk of a data breach – and the regulatory hammer that would follow it – is to be honest with your customers.
“At ThisIsMe we’re always open and honest about why your information is being gathered, so that users know why we are gathering data and its purpose,” Furmie tells us.
Informing users puts the power in their hands as they are at liberty to decide whether or not they want to hand data over to a service or not.
There is some responsibility on the part of users as well. “If you aren’t happy with your data being stored on a server in Ireland for example, then you have every right not to use the service,” says the COO.
“I think businesses need to move toward this model so the customer knows what they are doing. It’s a step in the right direction,” he adds.
Businesses should also conduct a full assessment of how sensitive information moves, where it’s stored and that data’s retention period.
“Once you’ve done that you’ll have a clearer picture of where your risk lies and then you can start mitigating it,” Furmie stresses.
Insurance is vital
Any company that handles user data should be taking out cyber insurance says Furmie, irrespective of the size of the firm.
“You have to get insurance for breaches and a couple of forward thinking insurers and underwriters in South Africa have already started offering and issuing those sorts of policies. Insurers will also require you do an assessment of your data practices but will often guide you through this process,” he notes.
The co-founder reckons that by the end of the year the cyber and identity theft insurance sector in South Africa will be highly competitive. The reason for that is simple, the threat is very real and we’ve seen this with firms like Liberty Group recently disclosing a breach of its network.
As many cybersecurity experts will tell you, it’s not a matter of if you will be a victim of cybercrime but when. This goes for individuals as well as business as Furmie explains.
“If you think ‘Oh what does it matter if they have my information and that they can pretend to be me’ well they can pretend to be you and get access to credit and identity theft. This can lead to not only financial damage but result in reputational damage as well. It’s going to be necessary for everybody to protect themselves and take the precautions needed to secure their data.”
Data protection has become vital for any business especially with high-profile cases involving firms such as Facebook grabbing headlines. Now more than ever it is important to secure your data and the data of your customers or risk massive penalties.[Image – CC BY 2.0 Simon Cocks]