Consumers once owned and protected their data independent of anyone else. Handwritten letters, paper bank statements, medical records locked up in a doctor’s office were once the norm. The online era of digitalization and social media has ensured this is no longer the case. The responsibility for both the security and privacy of data is rapidly becoming a joint effort between consumers, Service Providers and businesses as all three groups begin to coalesce around the concept of trust.
Reservoirs of information are being generated daily through the capture, distribution, storage, and analysis of data. IDC calls this the “global datasphere” and it is rapidly growing to a tune of 175 Zettabytes (ZB) by 2025 up from 33 ZB today. There is a massive multiplier effect also taking place as data creates data unto itself and can start to become far removed from the person impacted by it or making decisions with it.
We can all agree in order to make good decisions, you need good data. However, questions about the process have begun to emerge: Can I trust the data? Can I trust how it was collected? Can I trust how it was distributed? Can I trust how it’s stored? Having faith in the systems that touch the data every step of the way is essential. We used to take it for granted, yet major corporations have recently shown us how easily it can be abused. Now more than ever, organisations need to demonstrate they understand the seriousness of this responsibility with the actions they take. Respect for policy and respect for privacy will be a big part of the decisions on where to place data moving forward.
Cloud providers, social media companies, data center providers, businesses, and even governments, all need policies that put security by design and privacy by design as the fundamental pillars to build upon when it comes to protecting data. Consequences will be catastrophic if we don’t do the right thing in the right way in the right order.
Security by design comprises of the policies and procedures data center operators put in place to ensure the campus is safe from external threats and attacks. This includes the physical components of data center that need to be protected from any sort of theft or malicious attack – the connectivity, infrastructure, cabinets, etc. There are many long standing best practices in this field that make this pillar no less complex, but certainly more straightforward.
Privacy by design, on the other hand, needs to secure the data you can’t physically see. It’s not just protecting data from bad actors with dishonorable intentions either. It also needs to take into account human error in both individuals and within companies. Human nature is to make mistakes, but organizations need to have an awareness of those mistakes and understand the impact to society. It can’t be 100% accurate all the time, nor should the expectation be that.
When you look at flying in an airplane or driving a car, mistakes happen that can have deadly consequences, but society still carries on using those modes of transportation. Over the decades the aviation and automobile industries have had to figure out how to make transportation safer. We never expected people to stop driving or flying.
It should be the same in how we think about our data. Data will continue to be created. It’s not realistic to think individuals will stop using devices to prevent that from happening. However, it is up to the content generators, service providers, data center industry, etc. to determine how to make it safe for everyone to use. Consumers also need to not just tick the box when the terms and conditions pop up on a website. They have a duty to better educate themselves on what they are willing to give up in order to take advantage of the conveniences that are readily available. This is the foundation for building trust in a digital age – a responsibility we all share.
By Garry Connolly
