Expert Witness: Emerging difficulties with personal data

It’s no longer simply a question of having data stolen, but also the concern that the data will be altered to make it unusable or incorrect — and your company may not even know it!  It is therefore critical that companies establish the most effective strategies to protect important data. Once they have ascertained the criticality of what needs to be protected, they can prioritize and allocate resources to avoid and mitigate cybersecurity threats. 

Email for example, involves both data at rest and data in transit. When an email sits in your inbox, it’s considered data at rest. Once you create a new message and click “send,” it becomes data in transit. When it arrives in your recipient’s email box, it again becomes data at rest.

The use of encryption is an important component of data security for both data in transit and data at rest.  When you transmit information over an open network such as the Internet, you have no control over which servers and devices the information will pass through along the way. This is why it’s imperative that everyone within your company uses a secure, encrypted connection via your website. Data at rest is subject to cyberattack. This is also why it is also important to use methods of data at rest encryption which involve the use of third-party encryption solutions to protect important data.

Cryptography Law deals with legislation ensuring that information is secure and transmitted confidentially. It’s important to be aware that  GDPR, for example, applies to organizations inside and outside the EU who handle the personal information of EU citizens, and PCI DSS applies to virtually anyone who handles card payments. These laws will change but so will the state of encryption. There is now, for example, Homomorphic encryption which transforms data and algorithms before processing and analytics. It enables algorithm providers to protect their algorithms and data owners to keep data private. 

Thinking about the issues and unpacking them, it will be increasingly difficult to protect data and ensure compliance as security becomes more complex and opaque.  As the increasing demand for data grows with artificial intelligence and other applications, the litigation surrounding data privacy and security will also grow.