Thursday, October 11, 2018

Why the user will know before the next security breach

Companies must inform those affected in less than 72 hours

In the same week, news emerged of a significant security breach at Uber two years ago and of the fact that Google was still geolocating all Android users even if they did not have GPS positioning activated. Two incidents that put the protection of user data back in the spotlight. Are the days of privacy numbered?

In 2010 Mark Zuckerberg declared that the era of privacy was over. Almost eight years after that controversial phrase, experts say that we live in the data economy, in which data has become the new oil, the basis on which companies do their business.

And although it is true that personal data protection is regulated differently in the United States and Europe, two news stories that broke in the same week have generated controversy on both sides of the Atlantic: the hacking of the accounts of all users of Uber and the fact that Google continued to know the position of Android users, even with the GPS sensor of their terminals switched off.

In the case of Uber, one of the controversies is that the incident became known two years after it happened. The seriousness here is that the personal data of those who have been users of this service can be leaked, and that this may cause further security problems on other websites and applications.

In the case of Google, the company voluntarily collected geolocation data from people without their consent. "The amount of information that these data offer is problematic, not only because they can trace all your movements, but because they can cross that data with all the information that Google has on each person, such as search histories and other information," explains Marcos Judel, lawyer and partner of Audens.

Was Zuckerberg right when he asked us to say goodbye to privacy? "It is very difficult to define what privacy is, but everyone knows when it has been affected," explains Marcos Judel, lawyer and partner at Audens.

New directive in 2018
Precisely for this reason, the European Union has legislated what is known as the General Data Protection Regulation, which will come into force on May 25, 2018 in the 28 countries that make up the Union. "The aim is to raise awareness about data protection and user rights," explains this expert.

Obviously, security breaches will continue to exist, because complete, 100% security does not exist. In addition, we must bear in mind that "hackers want precisely to exploit security systems and access them."

What changes, then, with the entry into force of this regulation? Companies that suffer a security incident of this type have 72 hours to communicate it, both to the competent data protection authority and to the users whose information may have been compromised as a result of the incident. "Not only do you have to comply with the security measures imposed by the regulation, but you have to show that they are true," explains Marcos Judel. In other words, this lawyer believes that cases of abandonment will be avoided and the user will be put at the center of all developments and policies.

Thus, companies must report what measures they have adopted to try to avoid this type of attack and the solutions that will be applied to mitigate the effects of this security breach. "The fines are ponderable, not fixed, and the competent authority decides," says the lawyer and expert.

As for situations like the one involving Google this week, the new regulation also aims to prevent the terms and conditions that we accept from being so long and cumbersome. "One of the main bases that it imposes is the consent of the people. It is necessary to clearly inform what type of data is going to be collected and for what purpose and what use," explains Judel. In addition, this information will have to be transparent, and applications and services should be as restrictive as possible by default. "The user will then be able to open up and decide how public they want their profile and information to be," says the expert.
