Story image

Why you can't afford to ignore data breach legislation

16 Apr 18

As more countries adopt data privacy legislation such as the European Union’s GDPR, businesses are under more pressure than ever before to keep customer data secure – and they can’t afford to ignore it.

That’s according to enterprise tech provider Intralinks, whose senior vice president of sales for Asia Pacific and Japan, Allan Roberson, believes that the costs of a data breach are high.

Those costs include financial losses and damage to an organization’s reputation, but with breach legislation those damages can also include fines and penalties.

“New Zealand’s Privacy Commissioner has mooted the idea of a NZ$1 million fine for a company that experiences a data breach. This highlights the value of data, the costs of leaving it inadequately protected, and the risk to businesses that don’t take data security seriously,” he explains.

Of course, New Zealand isn’t the only country looking to put legislation in place. Australia’s Privacy Act (Notifiable Data Breaches) legislation (NDB) takes a similar approach.

“Given the high stakes involved in data security, companies need to retain as much control as possible and to know that their customers’ data is secure. They can’t leave security up to chance and it’s no longer good enough to leave it purely in the hands of the IT team. Information security must be a board-level issue with companies’ security posture mandated by senior leadership,” Robertson says.

“Even if a company isn’t subject to NDB or GDPR legislation, it’s impossible to overstate the value of retaining full control and visibility into where data is stored, who can access it, and what they can do with it.”

While it’s easier to keep information secure when it’s inside a firewall, businesses need to know what happens to that information once it leaves the firewall. These situations will be more common as companies do business with partners and customers across international borders.

They need to define a new global perimeter that protects this information to a level that meets international data privacy requirements, the company says.

“This requires businesses to implement information security measures that put the power of protection back in their hands. For example, they need to know where their encryption keys reside to protect their confidential data in the cloud, as well as how sensitive and confidential information is consumed, downloaded, and edited at the file level, no matter where it is in the world.”

Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.
Different approach to malware detection needed – VMware
Security needs to move away from the traditional approach of chasing after arbitrary forms of malware.
Modernising ERP systems can help organisations comply with GDPR
“Organisations need to look for modern ERP systems that are specifically designed with GDPR in mind."
Cyber attacks develop complexity, target Windows sysad tools - report
The report explores changes in the threat landscape over the past year, uncovering trends and how they are expected to impact cybersecurity in 2019.
DanaBot banking Trojan: How to protect your organisation
DanaBot is a Trojan written in the Delphi programming language that includes banking site web injections and stealer functions.
Ping Identity announces new Identity-as-a-Service solution
PingOne for Customers is built for the developer community and provides API-based identity services for customer-facing applications.