3 Types of Data Breaches (you need to know)
If there is one dominant theme which defines corporate life during the early years of this century, it is data. Not so long ago, data was something gathered for governmental, scientific or medical research, and not by companies, whether large or small.
Yet the digitisation of our lives has radically altered this. Data is being gathered and stored in ways and amounts which were unthinkable thirty years ago: from smartphones to photocopiers, PCs to laptops, cloud-based systems to on-premise servers, not to mention the many ways in which data can be shared.
While all this data helps to run our companies with great productivity, it also comes with great responsibility. Failure to understand your duty concerning the storage, and ultimately the destruction, of data has become a serious offence.
First American Financial Corp, one of the largest title insurers in the US, was sued by a client who claims that the company’s lax security measures put him at risk of identity theft, along with millions of others whose personal information could be accessed through its website.
Treating this data with its due respect prompted authorities in Europe to usher in GDPR, and during its first year, 206,326 cases were reported across the 31 countries in the European Economic Area. Furthermore, a total of €56m in fines has been levied on those found in breach.
As for the worst offenders, the Netherlands with 15,400 data breaches tops the list, Germany is second with 12,600, while the UK is in third place with 10,000 breaches.
Managing data has always been a part of the IT lifecycle. However, with the advent of GDPR, data breaches mean not only a possible loss of corporate reputation and financial loss, but hefty fines too. Therefore, it’s essential to have robust processes in place to manage your data and mitigate the associated risks.
GDPR defines three types of data breaches – it’s vital to be aware of them.
When data breaches are reported in the media, they are usually the preserve of large corporations that have leaked millions of personal records and are now facing serious legal action. While such stories grab the headlines, data breaches can – and do – affect companies of any size that hold other people’s data.
To ensure that you are not subject to a data breach, it’s important to understand what one actually is. GDPR defines a personal data breach as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed’.
Personal data, in turn, means any information which is clearly about a person and may include their ID number, online identifier, location data, or specific information relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
According to GDPR, there are three types of data breaches:
- Confidentiality breach: a breach of confidentiality is when data or private information is disclosed to a third party without the data owner’s consent. Whether an intentional breach, accidental error or theft, the data owner is entitled to take legal action for potential losses or damage that come as a result of the breach of confidentiality.
- Integrity breach: this is when there is an unauthorised or accidental alteration of personal data. For example, hackers could target a company database in order to erase files or disrupt processes.
- Availability breach: this occurs when there is an accidental or unauthorised loss of access to, or destruction of, personal data.
These three categories are enshrined in GDPR legislation, but they are also familiar to security practitioners as the CIA triad (confidentiality, integrity, availability), the building blocks of information security. Understanding such threats is the first step in their prevention.
GDPR compliance and data management are processes which will be with us for the foreseeable future.
According to Gartner Research, the average lifespan of a desktop PC is 43 months, and 36 months for mobile PCs. The consequence of this is that every three to five years you will not only be replacing such computers, but also having to manage the data they hold and the assets themselves.
With this in mind, it’s vital to develop an ongoing strategy for disposing of your IT assets. This will ensure that your old assets are disposed of in line with data regulations and help to prevent certain types of data breaches.
A certified and professional IT asset disposal (ITAD) strategy incorporated into your IT Asset Management process will typically achieve a 30% cost saving in the first year, and at least 5% cost savings in each of the following five years.
Lastly, you must ensure that your strategy keeps pace with technology. GDPR is not like the Millennium bug: it cannot be ‘solved’ by adapting certain processes and then forgotten about. Instead, it is an ongoing approach to data which, as more and more data is produced every day, will become embedded in all your IT processes.