With consumers required to divulge personal details to access many apps, ensuring the safety of data has become a collective responsibility. NEIL COSSER, Identity and Data Protection Manager for Africa at Gemalto, believes encryption is key to safeguarding data.
As technology continues to shift and shape how we connect with each other and brands, personal data has become a highly valuable and lucrative commodity. With consumers required to divulge personal details to access most of the plethora of apps available, ensuring the safety of data has become a collective responsibility: shared between service providers, app developers and the individual themselves. What does this mean for mobile providers, banks, government and brands, especially as South Africa starts grappling with the Protection of Personal Information (PoPI)? And what does it mean for consumers and corporates doing business across our shores, many of whom are still blissfully unaware of the risks involved?
Driven by relentless news of security breaches and data loss, many governments around the world are considering introducing or are in the process of introducing legislation that will help protect the personal data of their citizens. For example, the European Union has adopted the General Data Protection Regulation (GDPR) in April 2016. There are obvious signs that significant risks lie ahead if companies do nothing to change how they protect data because the new regulation will have major implications for all the ways in which data is collected, stored, accessed and secured. Locally, certain sections of the Protection of Personal Information Act (PoPIA) have already commenced (under proclamation No. R. 25, 2014).
But what does compliance mean for local businesses?
Given the proliferation of technology and what it has come to mean for companies, it is now an imperative for businesses to deploy suitable mechanisms to process personal information of employees, customers or other business stakeholders. This is done with the view to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which stakeholders – particularly within the employer and employees parameters – handle and process personal information.
According to renowned provider of legal solutions, Michalsons, GDPR’s grace period has been earmarked to end on 24 May 2018 – thus making it legally enforceable from that period onwards. Locally, we can expect PoPI’s grace period to end soon after the GDPR’s. Organisations that have to comply with both the PoPI Act and the GDPR might focus on complying with the GDPR first and then POPI second. Taking this approach could offer prudent lessons for businesses through the compliance of GDPR that can be applied to PoPI.
The writing on the wall
The release of Gemalto’s 2016 Breach Level Index (BLI) report has offered an intriguing backdrop to the issue of data management (particularly where data protection is concerned) in the local context. A key takeout from the 2016 report highlighted that that we cannot argue that we have a growing data security crisis evidenced by the almost 1.4 billion records being compromised during 2016. The sad truth is that this number is actually higher, because most breaches go unreported worldwide. This is particularly worrying given the impact that a data breach can have on an organisation’s reputation and ultimately revenue.
The Ponemon 2016 Cost of Data Breach Study indicates that the average cost of a data breach to a businesses now stands at $4 million (average cost per record $158), with reputation and the loss of customer loyalty most heavily impacting the bottom line. In fact, our research revealed that two thirds (66%) would be unlikely to do business with organizations responsible for exposing financial and sensitive information.
It’s all about action
The debate surrounding data protection vs. impact on reputation and revenue is not a new one but it seems that many executives agree that the issue is of data security is still taken for granted by those businesses with a big user base. This was the sentiment shared by the panelists who formed part of our Gemalto BLI roundtable event hosted on 28 March 2017 in Johannesburg.
Justin Williams, Executive: Group Information Security at MTN reiterated that consumer data is a prized commodity and it cannot and should not be taken for granted. “There is a concerning lack of regulation in Africa. Beyond the strict requirements of the regulations, what companies really need is to shift to a new data security mindset,” he explained. He added that now is the right time for businesses to start taking steps now to prepare for implementation of the new rules.
Williams’ advice begs the question, what should organisations do to limit their risk of breaches and ensuring that consumer data is protected against all odds. The answer to this is simple; securing a breach is the first point of call. Organisations should consider three factors when building a comprehensive data protection strategy. Firstly, we need to analyse where data being stored – is it in a database, file servers, virtual environments or the cloud? Secondly, how and where are encryption keys being secured? Finally, who’s accessing the data and more importantly, how is this access being controlled?
Once these three factors have been understood, this can then be converted into a three-step approach to data protection which includes encrypting all sensitive data, storing and managing encryption keys and lastly, controlling access.
Fail to prepare, prepare to fail
Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. But, if history has taught us anything, it is that walls are eventually breached and made obsolete.
The next and last layers of defense need to be around both the data and the individuals that access the data by surrounding them with end-to-end encryption, authentication and access controls that provide the additional measures necessary to protect customer data.
Security professionals will always need to consider the need to perform specific risk analysis in order to implement the organisational and technical measures that are needed to prevent, detect, and block data breaches. Data encryption solutions provide an essential basis for achieving reliable data unintelligibility. When encryption is combined with other measures, such as secure key management and access controls, these mechanisms provide a robust foundation for achieving compliance with applicable EU data protection laws.
The reality is that our world is quickly becoming an Internet of Things where every person, place, thing and organisation is connected to each other through the Internet. The proliferation of the cloud, digital content, mobile device usage, online banking, e-commerce, and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.
For Joe Pindar, Research & Development Director: Identity & Data Protection at Gemalto, transparency is the best paved road to ensuring consumer trust. Security should be a key consideration for all businesses going forward. Telling customers about the security measures your organisation has put in place to protect their data can go a long way in cementing customer loyalty. “If you are doing something better than the rest of the industry, like encrypting data end-to-end, then you might be seen as a trusted innovator.”
As we look towards the future of data management and in order to be ready for upcoming legislative changes, companies need to start taking steps now and change their security mindset about protecting customer data. The signs for taking action are obvious. It’s clear that being breached is not a question of “if” but “when. Companies should move away from the traditional strategy of focusing on breach prevention, and move towards a ‘secure breach’ approach. This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands. Traditional approaches to data security do not work anymore, and if companies don’t wake up to this new reality soon, the consumer revolt will come.
Meet the ambassador to the future
Tilly Lockey, 14, lost her hands as a toddler, but sees it as a massive opportunity to embrace technology. She chatted with ARTHUR GOLDSTUCK about the human of tomorrow.
It is a description that defines 14-year-old Tilly Lockey: She lost her hands at the age of 15 months, and now uses bionic hands to show the world how to overcome disability.
That could easily read as an advertisement for a prosthetics company, but Tilly refuses to be defined by marketing messages. She has not only embraced what is supposed to be a disability, but wants to become nothing less than an ambassador to the future.
That is in effect what she is achieving by pushing the boundaries of what is possible with artificial hands. It means that, eventually, she will have more capabilities built into her body than most able-bodied humans can imagine. She collaborates closely with Open Bionics, a start-up that is using 3D printing to create low-cost prosthetics with high-tech capabilities.
“I have very high hopes for the future,” she said during a chat on the sidelines of the SingularityU Summit at Kyalami north of Johannesburg. From Newcastle-on-Tyne in the United Kingdom, she was at the Summit as a guest speaker, chaperoned by her father Adam and sister Tia.
“When I started working with Open Bionics, I wanted it to include lighting, music, Bluetooth, a projector in my palm, all over-optimistic things. But then I feel that is not too far away, and then a disability would turn into and enhancement of normal human hands. I’m really excited about it.
“I know there’s a couple of things they are working on right now, like trying to get the built-in battery thinner, because it’s hard to get overcoats and jackets over it, so they are trying to get the hands slimmer. They’re working on haptic feedback, to give a sense of touch of vibration, which tells me of I have a good grip on something. It could be coming soon. These hands I’m using now were made in the past five years. In another five years, I think we’ll have all of it.”
The hands in question are called Hero Arms, which its creators, Open Bionics, say is “the world’s first clinically approved 3D-printed bionic arm, with multi-grip functionality and empowering aesthetics”.
Click here to read more about the development of Open Bionics’s Hero Arms.
How Tilly Lockey became a Hero
Part 2 of ARTHUR GOLDSTUCK’s interview with Tilly Lockey explores her amazing career.
This is the second part of this series of articles. To start from the beginning, click here.
Tilly Lockey was diagnosed with Meningococcal Septicaemia Strain B when she was 15 months old.
Her mother spotted the tell-tale signs one day in 2007: a fast-spreading skin rash that looks like pinpricks, along with symptoms like lethargy and bruising. She was rushed to hospital, but the bacterial poisoning spread so aggressively, doctors gave Tilley no chance of survival. They had to make a quick decision to amputate her hands to save her life.
Twelve years later, her future truly came into focus: “I was surprised with really cool Alita: Battle Angel bionic Hero Arms and went on the blue carpet at the world premiere of the movie with Rosa Salazar and director James Cameron.”
That pivotal moment in her life would not have been possible without the intensive efforts of her mother, Sara, to raise funds to buy something better than the metal prosthetics issued by the National Health Service in the UK. She increased Tilley’s profile with a campaign to “Give Tilley a Hand”, and today works as a fundraiser and events organiser for the Meningitis Now support group. Her involvement in an event meant she was unable to join Tilley on her trip to South Africa last week, when she spoke at the SingularityU Summit. After coming off stage, Tilley told us that Sara was her biggest inspiration in her life, and the closest to a role model.
“I’m usually a speaker at her events. I tell everyone my story and what I’m doing now and give these kids inspiration, because they often feel they can’t do anything because of what Meningitis did to them.
“I am home schooled now, which is pretty cool, because I’m able to have a career and get educated at the same time. I feel I can do a lot of things that friends can’t do. I can take a whole class on an aeroplane. I have a great time traveling and meeting so many inspiring people who are making a difference in the world.”
The form of Mengingitis that attacked her leaves hidden scars and issues that only become apparent years later. She is almost absurdly cheerful about the challenges that have faced her.
“I personally figured out that my left leg had stopped growing. I’m still finding out things it has caused, but you survive. At least I’m here and I’m alive.”
It does help that she’s comfortable in the spotlight, happy to give interviews, and eager to show what she can do with her bionic hands.
“I want to go into public speaking a lot more, and it could be an option as career. I want it to continue because it’s a lot of fun, and I feel I’ve got a story to share. If I can inspire people to change the world, I will. “
Her travels this year will still take her to Barcelona, Jakarta and New York. In the Big Apple, she will accept a humanitarian award, and intends “to give a funky speech”.
In Jakarta, Indonesia, she will take part in a fashion catwalk and do a makeup tutorial live. She learned to do makeup with one of her bionic hands when she fractured her right elbow in a fall at school
“I got makeup for Christmas and wanted to play with it, and got the idea of doing it with an open hand. It took a lot of perseverance and patience, but after studying how to do it, I was able to recreate a full makeup routine using one hand. It wasn’t a great situation at the time, but now I’m happy it happened because it got me into doing what I do now.”
What she is doing with makeup is remarkable in its own right. She gives tutorials on YouTube, where she says she is “kinda new”, as she has “only around 16,000 followers”. That may well soon expand into cooking videos.
In other words, everything is an opportunity: “I could be sad, just sit on my bed and cry, or I can live my life and realise what I’ve got: these amazing bionic Hero Arms.
“All I want to do is help give people confidence in themselves, accept who they are, accept their scars and everything about them. That they don’t have to impress everybody and just be themselves.”
Read more in the third article of the series about how family remains at the centre of Tilly’s life.