I had a great podcast yesterday, in which I interviewed the CEO and owner of one of the top Cybersecurity firms located out on the West Coast. We did talk to a very small degree about COVID19, but the main intention was to discuss some of the ramifications from it.
Of course, this is something that I have elaborated upon quite a bit in past blogs, so there is no need to enumerate them again. But keep in mind that as the Remote Workforce is now going to be a reality for probably quite a long time to come, there are other issues that are coming about as well.
For example, one is about the motivation of the IT Security teams (this was actually the main focal point of the podcast). As we know, they are totally overtaxed today, as they are not only trying to keep up with their job duties, but now have been asked to help out their IT Department as well.
Another key issue, although not a new one, that is starting to reemerge is data privacy and compliance.
When COVID19 first broke out, the first main fear and fire to put out was that of all of the new threat variants that were emerging. Although this still continues, people are now starting to worry about how their Personal Identifiable Information (PII) records will be kept protected now that Corporate America seems to be morphing closer and closer to a 100% virtual world.
In this blog, we further examine these fears and concerns through a series of studies that have been conducted by various Cybersecurity firms. Here we go:
*The Issue of Data Privacy:
This is a study that has been conducted by the Ponemon Institute. As you can see from the graphic up above, the misuse of PII records is a huge concern amongst the people surveyed. For example, the biggest concerns are loss of Civil Liberty rights (at 56%) and ID Theft (at 54%). To be honest, I am sort of surprised by the first finding. Many people, especially those living in California or who are customers of California based businesses, now have much greater control over their PII and how it can be disseminated under the CCPA.
This is a study that has been conducted by Akamai. It specifically deals with the CCPA, as just previously described. Although this piece of legislation was passed in 2018, it did not actually start to be enforced until this year. The penalties for not coming into compliance can be quite harsh, from a financial standpoint. But according to the illustration above, there is still a huge gap of miscommunications between the state of California and all of the municipalities that are in it (at 47%), but worst of all, 46% of the businesses there do not even know what kind of PII datasets their particular databases hold. This is a huge liability, as residents in California can now have their PII records deleted upon request. How can this happen if businesses don’t even know what they have???
*Loss of Control:
This is from the same study conducted by the Ponemon Institute. According to the graphic above, many people, despite the passage of both the CCPA and the GDPR, still feel powerless as to how their PII datasets are being handled. For example, 74% of the respondents feel that they have no control over this as their PII is being shared with other, external third parties, and 46% of them simply avoid submitting their PII as much as possible. This is quite surprising, as one of the biggest requirements of the CCPA is that businesses must stipulate to both California residents and customers how their PII records are being used by third parties, and the justification for doing so. Also, if they don’t want to share their PII with external, third parties, then the businesses in question must abide by that request, provided that it is submitted in writing of some sort (either a hard copy letter or an Email).
*The Tracking of People:
This is a study that was conducted by Pew Research. And, it is going to be a huge hot button topic, as it deals with the tracking of people who have tested positive for COVID19, or those that have come into contact with others that have the virus. For example, as one can see in the illustration up above, 62% think that it is totally wrong that the federal government can use data captured from the cell phone in order to enforce social distancing rules. This fear also transcends down to the levels of the local governments and law enforcement. 54% believe that contact tracing should be banned altogether, and 48% of the respondents feel that the data collected from any type or kind of mobile tracking app should not be made available for third party research.
*The Need For Accountability:
This is from the same study that was conducted by the Ponemon Institute. According to it, the respondents feel that both Corporate America as well as the Federal Government need to maintain some degree of accountability for the various pieces of legislation that are passed to protect the data privacy rights of American citizens, especially starting off with that of the CCPA. Quite interestingly, almost 30% of the respondents feel that some sort of combination from both businesses and the federal government is required.
My Thoughts On This
As mentioned, data privacy is now going to be a huge issue that is going to further brew and explode onto the scene in a big way probably starting around 2021. The main catalyst that is going to further drive this is the fears surrounding COVID19, especially when it comes to the use of mobile apps to track you down.
Although I understand the need for something like this, I am totally against its use. I don’t want to be tracked by the government, no matter what level it is at. Further, I don’t even want to be tracked down by law enforcement either.
To the best of my knowledge, there have been no studies conducted on the reliability and effectiveness of such tracking tools. Further, the use of such mobile apps can be a huge Cybersecurity threat as well; after all, any kind of rogue application can be created which looks completely authentic and real.
If people want to use such a mobile app, then they should be able to, but they should be given that choice; it should not be mandated by any entity, whether it is public or private.
As regards the issue of Accountability, this, in my view, is going to be very difficult to enforce. The primary reason for this is that now all of the remaining states want to start to create and enforce their own versions of the CCPA.
Now, if there are 50 different versions of this, how in the heck is this going to be enforced??? As a result, there now have been cries in Washington, DC for a bill to enact a federal Cyber data privacy law, so that it can be enforced in one fell swoop, something that would very closely resemble the likes of the GDPR.
Although the idea of this is certainly plausible, don’t expect it to happen any time soon. Heck, if the lawmakers can’t even come to an agreement on a second COVID19 stimulus bill, do you expect them to act quickly on this? Probably not.