UK Government must uphold data privacy values

UK Government must uphold data privacy values
(Image credit: Altalex)

The message of the UK’s new Integrated Review of Security, Defence, Development and Foreign Policy is that data and a regulatory standard will be pivotal to a comprehensive cyber strategy that is able to sufficiently detect, disrupt and deter adversaries. However, with the increased emphasis on data, complacency when it comes to data protection is not an option.

Establishing cybersecurity standards and safe software development principles, exercising zero trust across entire systems and ensuring that every security protocol is implemented and enforced to avoid any blind spots in perimeter defenses, should be an integral part of the UK’s new cyber strategy.

About the author

Adam Enterkin is Global Head of Sales and SVP BlackBerry.

The cyber landscape is vast and advancing at an unprecedented rate and a prevention-first ‘whole-of-cyber’ approach will be essential if the UK is to build a resilient and prosperous digital UK. With this new approach an effective communications strategy will be critical. Like many modern day, security conscious businesses, the UK Government must establish a protocol and secure platform to communicate, cooperate and react decisively to any incident, event or emergency situation will be instrumental.

Security + privacy = trust

The Government must start by listening to the people’s concerns around data privacy. The 2020 Consumer Privacy Survey from Cisco found that 60% of survey participants are actively concerned about how their data is being protected, as they work, learn, and even visit the doctor remotely, using video streaming and cloud applications.

The recent Protecting Data Privacy During the Pandemic and Beyond report from Cisco sought to identify the top concerns that people have regarding personal data during the pandemic. Nearly a third (31%) worry that their data will be used for unrelated purposes. Almost a quarter (24%) have suspicions that their data will not be deleted or anonymized when it is no longer needed for its original purpose.

The Cisco report illustrates why transparency around the use of collected personal data is crucial, not just in private organizations but in the public sphere too. It is a telling statistic that just under half of those surveyed do not feel they can adequately protect their own data. The top reason given among 79% of respondents is that they don’t have adequate insight into what is being done with their data. It is difficult - if not impossible - to establish trust when there is no transparency between a government and its citizens.

Respecting privacy and protecting personal data

One of the greatest legacies any modern organization or government can have is that they protect and respect the personal data of their customers. It should be a constant focus – not just in the frame when a new legislation arises or poor data privacy enters the media spotlight once again. If organizations truly believe in protecting customer data, they will continually explore and invest in high-tech products and services with privacy embedded by design.

From there, data privacy strategy should be founded on four simple tenets. Employees of every company can learn to uphold these data protection values:

Know what makes data personal

The definition of personal data is broad and applies to any information relating to an identified or identifiable natural person. It’s nearly impossible to protect personal data without knowing what it is.

Start with why

There must be a clear and lawful business purpose for collecting personal data. If you can’t credibly answer the “why”, don’t collect it. Also, just because you may be able to access personal data, doesn’t mean you can use it for any purpose. The use of personal data needs to be limited to the original purpose for which it was collected - this is a fundamental pillar of creating and maintaining trust.

If you collect it, protect it

If you collect personal data, it is imperative to ensure that appropriate security controls are implemented to keep it safe from inappropriate or unauthorized access. 

Security ≠ privacy

While it’s possible to have security without privacy, it’s impossible to have privacy without security. Privacy is about the ethical and responsible handling of personal data. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.

All employees in the public and private sectors can play a role in protecting and respecting the privacy of customers, citizens, prospects, partners, and visitors and identifying practices that don’t support this important mission. On an individual level, the simple (yet effective) message to convey to employees is a familiar one to us all: “if you see something, say something.”

We all have a responsibility to protect data and ensure privacy. We are all in this pandemic together, but those that demonstrate responsible and transparent practices in the handling and protection of customer, citizen, partner, and employee data have the ability to inspire much-needed trust.

Adam Enterkin is Global Head of Sales and SVP BlackBerry.