In today’s blog, we are going to continue with the theme of what Cybersecurity could be like next year, in 2021. In yesterday’s blog, we talked about Cloud-based environments, especially AWS and Microsoft Azure.
But there is yet another theme out there, and it is predicted that it will become very resonant next year. Many of the folks in Cyber have heard of it and even dealt with it, while the normal, everyday American consumer may or may not have heard about it.
That is, the issue of Data Privacy. True, this is a subject that has always been around to haunt us in some way or another, but not to the degree that it has this year. A lot of this has been fueled by the COVID19 pandemic, and the Remote Workforce that has precipitated as a result of it.
Another sub catalyst for the emergence of Data Privacy has been the meshing of both the home networks and corporate networks as many Americans are WFH and are expected to do so for a long time yet to come.
Because these are now all intertwined with one another, there is the grave fear that critical information and data about a business will be more prone to malicious third-party interception than ever before. While the corporate networks may have all of the needed security precautions embedded into them, this is not true of the home networks.
Most households have probably just a simple wireless connection, which is protected by a mere password.
This is a technical issue that has yet to be resolved, even going into 2021. So back to where we started…how will the Data Privacy landscape evolve next year? Here are some predictions:
*More Data Privacy Laws will be coming down the pike:
The two biggest pieces of legislation in this regard are the CCPA and the GDPR. While the main thrust of these two all-encompassing laws is to protect the Personal Identifiable Information (PII) datasets of citizens (as well as to give them more rights), they have different purposes to varying degrees. With the CCPA, the legislation is primarily designed to protect residents and consumers that live in California. The GDPR is supposed to do the same, but for people that reside in the European Union (EU). Also impacted are businesses that conduct transactions and have a physical presence in both geographic regions. Typically, if a company is suspected of any misuse of the PII datasets, it can come under the eyes of both state and federal auditors and be totally scrutinized. The end result is a horrible financial penalty (under the CCPA, it can range anywhere from $2,000.00 to $8,000.00, and for the GDPR, it is 4% of the gross revenue of the business in question). But once again because of COVID19, many audits have been put on hold, as well as the financial penalties. But this is expected to ramp up quickly in 2021, and thereafter.
Because of this, many states are now starting to formulate their own versions of the GDPR and the CCPA. While this may be good for residents living in those particular states, it just makes things that much more complicated for businesses that have a physical presence in those areas. For example, if a business has a physical presence in both California and, say, Illinois, it will be forced to address varying compliance issues. In fact, companies are already complaining today that it takes too much time and money to come into compliance with both the GDPR and the CCPA. Now imagine this scenario if each of the 50 states adopted its own Data Privacy Laws in 2021. Or worse yet, if more countries around the world adopted their own frameworks for this.
While the intent of these laws is good, the real ramifications are going to be very difficult to deal with in 2021. Therefore, there have been cries in DC for both the Congress and the White House to come up with a Data Privacy Law that can be passed at the federal level, so that there will be a uniform set of standards and best practices that can be adopted and followed.
*Gaining access to Encrypted Information:
It is expected that in 2021, governments around the world, especially here in the United States, will want to gain access to such information and data in the name of national security. Probably one of the most notable efforts in this regard has been the FBI asking Apple to give it the ability to jailbreak into its iPhone device, in order to collect digital evidence that was going to be used in certain federal cases. Of course, Apple never gave in, claiming that it is trying to protect the Data Privacy of its consumers. The technical term for this kind of access to Encrypted communications is the “Backdoor” – which should not be confused with backdoors in the world of software development. However, this topic is going to be a difficult one to resolve. The real fear here is that if a government can gain access to this, how far can it go in spying on its own citizens? Therefore, there are talks now of trying to find a balance here – for example, giving law enforcement agencies just enough of what they need, and no more, in an effort to protect the Data Privacy of the citizens. In fact, the EU is already considering a unique way in which to gain access to Encrypted information and data without actually having to break into the Encryption protocols that are being used. More information about this effort can be seen here at this link:
*The Misuse of Artificial Intelligence (AI) and Machine Learning (ML):
These are some of the biggest buzzwords that are being bandied about in the world of Cybersecurity today. While the intent of these two technologies is good, it is expected that there will be a lot of fear of their potential misuse in 2021. It all comes down to this: Just because somebody has posted a picture or a video on the Internet (such as YouTube), does that give some other entity the legal right to take that very same thing and replicate it using either AI or ML? For example, if a company posts a video about a new product that is going to come to market, can somebody else take that and replicate the video, making use of Deepfake technology for their own nefarious purposes? In other words, does the term “public domain” translate into the legal right to use without explicit and written consent? The real issue that is going to come about here in 2021 is how far the copyright laws that are established in the United States will go in terms of protecting and enforcing the tenets of Data Privacy. This is going to be one that will be fought in the courts, and perhaps not so much on the Cybersecurity Landscape. Once this has been evaluated, the next big question is how the GDPR and the CCPA (as well as the new Data Privacy laws that are coming out) can be modified in order to reflect the intersection of copyrights and Data Privacy.
My Thoughts On This
The bottom line is that Data Privacy is going to be a much more complex issue in 2021 than ever before. It is simply not going to mean merely keeping your database locked up tight anymore; it will be much more than that, especially as new laws/regulations and technology quickly start to evolve. It can truly be overwhelming for a company to wrap their heads around all of this.
Probably the best piece of advice that can be offered (IMHO) is to simply take things step by step, and one day at a time, and to make sure that you always come into compliance with what is relevant to your business today.
Remember also that there are a lot of Cybersecurity companies out there that specialize in handling just these very issues, so as a business owner, it could very well be worth your time and effort to get a free audit done by them.