RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

Why Data Minimization Cannot Be Ignored

Data Minimization

With big data coming in full form to help Internet of Things (IoT) devices, companies are collecting more and more user data to help them create better products. In fact, some companies never delete user data, even if they are probably never going to use it. If you work in a tech company, we are sure you have never, ever heard your boss say – “Delete it.” Nobody deletes anything in the IT industry. Documents are versioned, and every version of them is kept safely on the company’s servers. In fact, Amazon’s CEO, Jeff Bezos was quoted saying, “We never throw away data.”

But, that’s just one part of the story. As the data increases at an exponential rate, companies need to get more servers, hire more staff to handle those servers and at the same time they have to make sure that all the data on their servers is secure, and it follows the guidelines set out by the government. This obviously increases costs, and it doesn’t make sense to pay for data that you are never going to use.

2016_Predictions_Infographic_001

(Infographic Source: Datameer)

This is the reason organizations are finally realizing that when it comes to data, “less is more” approach can go a long way. Governments are also taking note of the fact that companies all over the world are collecting more user data than they actually need in the first place, and this violates user privacy.

The European Union has already introduced an amendment to the Data Protection Act and according to this amendment, “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”

And this is the very core purpose of data minimization

What is data minimization

Basically, data minimization means only collecting a part of the data which is required by the organization and relevant to it as well. There was a time when collecting a large quantity of data suddenly became easy, organizations were bombarded with a large amount of data and they decided to save it all.

But as the IoT grows, organizations have several other ways to collect various kinds of data, and that also includes users’ private data. The main reason why organizations are continuously saving data even though they are not currently using it is because they think this data might come in use in the future. Though the fact is, it is technically data hoarding, and it is already causing organizations a lot of money.

Organizations need to practice data minimization

Google already announced last year that it will be taking user privacy seriously by offering more personalized features and storing less user data on its servers. Apple also followed the lead and announced that it would not be storing user data on the cloud on iOS 9 and the subsequent iOS versions. Instead, the private user data would only be stored on the local machine.

meta-data

As we mentioned, the major benefit of data minimization is lesser costs. After all, storing data costs a great deal. At the same time, storing less data also means the organizations are less prone to risks and breaches. If you are a rookie to regulations and compliances, then you should know that every company in a specific sector that stores user data online has to follow certain rules. And if they don’t, the government can file a case against them for breaching those regulations. For instance, companies in the health sector have to follow HIPAA and HITECH compliances.

But, what happens when an organization loses some of its data? Even though that data wasn’t useful for the company at all, they lose their reputation in the market, and they would also have to pay for data breach. According to a study conducted in 2009, the per-record cost of a data breach is $209. So basically, if a company loses 100,000 records of user data, then they would lose $20 million.

And with the new amendment in the European Union law, many European companies would now have to practice data minimization and make sure they are not collecting unnecessary user data.

In Summary

Organizations all over the world now need to think carefully before storing data. They have to analyze and decide if the data they are collecting is useful right now or it would be useful in the next five years, and they also have to decide if lesser sensitive data could be collected instead. Governments slowly realize the power of data and their laws will only get tougher from here.

By Ritika Tiwari

About Ritika Tiwari

Ritika is a Software Engineer by degree and a self proclaimed geek. She quit her IT job to become a writer and now, she writes about everything tech.

SYNDICATED NEWS SOURCES

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner

By CloudBuzz | September 20, 2017

RiskVision Named 2017 Cybersecurity Breakthrough Awards Winner for Enterprise Risk Management (ERM) Software of the Year SUNNYVALE, CA–(Marketwired – Sep 20, 2017) – RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced that the RiskVision platform has…

Amazon working on ‘smart glasses’ as its first wearable device: FT

By CloudBuzz | September 20, 2017

(Reuters) – Amazon.com Inc is working on its first wearable device – a pair of ‘smart glasses’, the Financial Times reported on Wednesday. The device, designed like a regular pair of spectacles, will allow Amazon’s digital assistant Alexa to be…