Freedom to walk our digital streets in safety

Another day, another news story about a corporate data breach. Most organisations want to do the right thing, but when we hear these stories there is often a twist: if only they’d done this, or not done that, the impact on their customers wouldn’t be so serious. Is our personal data as safe with organisations as we can reasonably make it? No, it isn’t. Because of hard work across generations and lots of societal factors, violent crime in the western world is steadily falling - and most UK streets are incredibly safe to walk on - but the harm to people from misuse and theft of their personal data is rising and rising.

What do we, BCS, want? Our aim should be that people don’t have to worry about their personal data. People should be as safe walking our digital streets as they are our physical ones. That doesn’t mean zero harm, it means minimal risk. It also means minimising the impact. For example, it is crazy that someone knowing our name, address, date of birth and mother’s maiden name should represent a risk to us of anything other than a birthday card.

It’s not much fun for organisations either. The business of most organisations is not personal data, but personal data is intimately involved in most businesses. What that means is that on a day-to-day basis the number one priority for leaders in those organisations is to be successful at what they do. Every day where data risks dominate their attention is a day not spent doing more valuable things. We need organisations to be trusted and trustworthy custodians of our personal data; they simply must do what is necessary to protect us. The simpler and easier it is for them to do that, the better. We want them to get on with their main job without putting us at risk, and it could be a lot easier than it is now.

So today is a very bad day for TalkTalk and their customers - and tomorrow or next week will be a bad day for another organisation and another set of customers. We’re currently in a world where falsification of accounts is relatively rare and often ends in criminal prosecution, while data breaches are very common and not much seems to change. When it comes to personal data, it’s like we’ve got an Enron scandal every other week.

Perhaps the most frustrating element of all of this is that technology, methods and processes exist that could dramatically reduce both the risk and the impact of breaches. The question is why we don’t make use of them. There are some simple reasons and some more complex. The simple reasons are that there aren’t enough people who know how to do things better, and we have for too long designed systems without basic protections. Encryption, tokenisation and many other technologies that have been around forever should be used as a matter of routine, and as we get more advanced in our methods they should be routinely adopted.

The more complex reason is that the ecosystem around personal data is dysfunctional, and unless we change that the problems will continue to spiral - perhaps until a massive data breach and severe personal harm isn’t national news, it’s just another day at the office. That’s not an acceptable future, and we all need to get together to make sure that’s not the world we create.


About the author

Thoughts on membership, the profession, and the occasional pseudo-random topic from the BCS Policy and Community Director.

See all posts by David Evans
