Software - How to protect data in the face of security breaches


 By Steve Latchem, Senior Vice President of Global Solutions, Mastek

 With the storage and transfer of electronic data now part of everyday life, data protection is more than just a legal requirement: it is also a moral one. Every individual has the right to privacy when it comes to his or her personal data, yet mistakes can and do happen, and private data can be easily exposed.

 In many of the recent highly publicised data breaches, the organisations involved have no doubt made significant investment in traditional security measures, like locked-down firewalls, secure sessions management, and perimeter protection around their data centres. However, no matter what level of security is put into place, if the raw identifiable data for customers is stored in databases and an attack breaks through, this data is openly available to be extracted.

 Furthermore, we are seeing more and more reports in the press of cases of human error, where data has been left on portable memory devices in public places – compromising the security of the individual’s data stored on these mislaid devices. The increasing number of cases relating to data security breaches, stolen laptops and mislaid memory sticks highlights the need for tighter controls and greater protection over private information and data, ranging from confidential company records to customer information.

 As such, any organisation that handles personal data needs to have an effective strategy in place to meet all of the relevant legal requirements in this area, not only to protect themselves against the risk of incurring significant fines, but also to avoid damage to both their brand and reputation as the result of non-compliance.

 Mastek recently commissioned some research in this area in order to determine current attitudes towards data protection in financial services. We found that a great number of respondents in financial services (64%) felt that tighter controls are needed to protect sensitive information and data, even though more than half (56%) of this same group were unaware of the maximum fine for breaching government data protection policy.

 An effective solution to this need for tighter controls lies with pseudonymisation, where raw identifiable data is replaced with real, but non-identifiable data values. With this model, even if the data is left on a memory stick on a park bench, there is no risk to the organisation’s reputation, or its customers’ security.

 Pseudonymisation technology works by transforming identifiable user data into "less identifiable" forms: the identifiable fields within a data record are replaced with one or more artificial identifiers. For example, the name ‘Steve Latchem’ is replaced with ‘John Smith’, so an attacker who extracts the record learns nothing useful from it. Unlike anonymised data, pseudonymised data can be linked back to the individual concerned by the data sender, if required. It must be noted that, even though data encryption and pseudonymisation both protect privacy, their usefulness varies with how the data is used, so organisations will need to seek advice and carefully consider which technique best supports their particular needs.

 The key issue with encryption is that to share the data, the key must also be shared. Once the recipient has used the key to decrypt the data, the raw data is once again uncontrolled, and therefore vulnerable. The overzealous use of encryption can also damage an organisation's ability to share important data, whereas pseudonymisation can often streamline that sharing without compromising on security.
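 The two preceding paragraphs describe pseudonymisation as replacing identifying fields with artificial identifiers that only the data sender can link back, and contrast it with encryption, where the recipient needs the key. The following added example (written for this page, not Mastek's product or code) illustrates that model with a hypothetical Pseudonymiser class: identifying fields are replaced with opaque keyed-HMAC tokens rather than surrogate names, the key and lookup table stay with the sender, and a recipient can still run per-customer analysis on the shared records without any key at all.

```python
import hashlib
import hmac
from collections import defaultdict

class Pseudonymiser:
    """Sender-side pseudonymisation (hypothetical helper, not Mastek's product).
    Identifying fields become keyed-HMAC tokens; the key and the token->value
    table never leave the sender, who alone can re-identify a record."""

    def __init__(self, secret_key: bytes, identifying_fields):
        self._key = secret_key
        self._fields = set(identifying_fields)
        self._lookup = {}  # token -> original value, kept only by the sender

    def _token(self, field, value):
        # Deterministic: the same (field, value) always maps to the same token,
        # so records for one person still join up without exposing the value.
        mac = hmac.new(self._key, f"{field}\x00{value}".encode(), hashlib.sha256)
        return "PSN-" + mac.hexdigest()[:16]

    def pseudonymise(self, record):
        out = {}
        for field, value in record.items():
            if field in self._fields:
                token = self._token(field, value)
                self._lookup[token] = value
                out[field] = token
            else:
                out[field] = value  # non-identifying data passes through unchanged
        return out

    def reidentify(self, record):
        # Requires the sender's lookup table; a recipient has no way to do this.
        return {f: self._lookup.get(v, v) for f, v in record.items()}

def total_by_customer(pseudonymised_records):
    # A recipient can still aggregate per customer by grouping on the token:
    # the analysis works, but the identity behind each token never leaves the sender.
    totals = defaultdict(float)
    for rec in pseudonymised_records:
        totals[rec["name"]] += rec["balance"]
    return dict(totals)

# Constructed sample records (not real data).
SAMPLE = [
    {"name": "Steve Latchem", "email": "steve@example.com", "balance": 120.0},
    {"name": "Steve Latchem", "email": "steve@example.com", "balance": 30.0},
    {"name": "Jane Doe", "email": "jane@example.com", "balance": 75.0},
]
```

The lookup table is held in memory here for illustration; in practice it would live in a protected store on the sender's side, and a recipient who loses the pseudonymised file exposes only tokens and balances.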

 The overall aim of implementing pseudonymisation is to facilitate the multi-party management of private data. It is an important function for any modern organisation that needs to keep private data secure, especially in the wake of recent government legislation and a number of large fines from the ICO hitting the headlines.

 It’s encouraging to see that, from Mastek’s research, 50% of respondents from financial services said they expect to use encryption of electronic data before transmission more often in the next three years. This focus on data security is a vital necessity, as new threats to privacy are emerging on a regular basis, whether through user error, system malfunction, or as the result of malicious intent. Organisations must therefore make a firm commitment to maintaining the security of their data, not only to protect themselves from negative publicity, fines and other sanctions, but also because the right to privacy is an inherent right for everyone.