November 20, 2015
Cyber-attacks on governments, corporations, and individuals have steadily risen since 2013, when they first became more than internet scams to rob gullible and vulnerable individuals of their money. This has ushered in a new age of cyber security for everybody.
We have all heard of the various schemes that are commonly used. Within the past few years, however, cyber-attacks on government departments and multinational corporations have led to new data security laws and practices the world over. Most of them still serve to protect the individual, because larger attacks on governments and multinational corporations require collaboration and partnerships. These are a bit more difficult to hammer out, although the UN has just begun some work in this area.
The Purpose of Data Security Laws
In an effort to protect their citizens from cyber security breaches of their personal data, most Western nations now have laws that strictly regulate how organizations and entities, both public and private, are to protect the personal information of clients and customers.
Unfortunately, much of this legislation is rather piecemeal, designed and adopted only after a major breach has occurred, rather than with the overall cyber security environment in mind. In general, however, laws provide for criminal prosecution and fines in the following circumstances:
- Collection of personal data without the individual’s knowledge and consent.
- Sale or transfer of any personal data by an entity to another entity without that person’s consent.
- Failure of any entity to abide by its own privacy policies.
- For data collected by an entity, there must be a specific and stated purpose.
- Individuals have the right to review the information that any entity has regarding them.
- Information should be deleted once it is no longer needed.
- Exceptions to these “rules” are provided for law enforcement.
The UK has “The Data Protection Act”, which provides all of the privacy protections that the U.S. provides through its laws, and covers what personal information can be used by any entity, individual access to that information, and methods by which individuals can file complaints.
The Personal Information Protection Act provides for the very same protections and rights as the U.S. and U.K. laws.
Other countries with strong personal data protection legislation include Germany, France, Switzerland, Austria, Italy, Spain, and Portugal.
Countries and regions with very weak protection laws include Latin America, Africa, India, Russia and China, along with a host of other developing and totalitarian nations.
The Necessity for Partnerships
To really protect personal data on a global level, governments and multinational entities will need to have far more cooperation than they currently have. While there is some voluntary sharing of information during times of breaches (Sony, 2015), this is, after all, only voluntary. And pursuing international cyber criminals is often hampered by the failure of governments in developing and/or unfriendly nations to cooperate.
When Privacy and Governments Collide
The other key issue in personal data security has been the issue of governments being exempt from the laws that have been put in place for other entities. In totalitarian nations, collection and maintenance of personal data is common and unquestioned by their citizenry.
In democracies, however, the issue is highly controversial. Data collection began in earnest following the 9/11 attacks on the U.S. and resulted in U.S. government wiretapping without a warrant (this was always required before). Then, when Edward Snowden revealed just how broad the wiretapping activities were in the U.S., along with the cooperation of all major telecommunications corporations, things heated up indeed. Citizens in other democratic nations began to ask how much of their personal data was being collected, for what purpose, and how long it was being held. And as other Western nations began to experience terrorist attacks as well, the issue became an even larger one.
Right now, the issue of government collection and metadata is a hot one in Germany, where the lower house of the legislature has already voted to allow metadata retention for up to 10 weeks. It is likely that this legislation will also pass the upper house. The implications of the law are clear: German Internet and phone providers will be required to retain information regarding use of phones, including calls, text messages, and details about downloads, emails or browsing the Internet. While this retention does not include wiretapping per se, it does create a digital footprint on all citizens – therefore, lots of citizen outcry.
Other countries are following suit, including Canada and Australia (and the U.S. of course), and critics worry that, with so many people handling this information, mishandling it is a strong possibility.