Predictions for Data and Privacy in 2021 – What The Experts Say

  • In the spirit of Data Protection Day, TechRound has collected predictions for Data and Privacy in 2021 from industry experts.
  • As Richard Meeus puts it “Data Privacy Day is vital to continually raise awareness of the responsibility organisations have to protect the customer data they hold”.
  • Many highlight the importance of doing right by consumer privacy. 

 

Over the past year, the IT security industry has grown massively, especially because people are now working from home. But, in 2021, will security pros turn their attention elsewhere?

Data Protection Day reminds people of the most important responsibility of any organisation, and that is keeping all data safe and secure. Today, people are more aware of and concerned with how their personal information is collected, used and shared. In some cases, people are stopping business with a company if it can give away their data without permission.

This Data Protection Day, we spoke to 38 industry experts to understand what we can expect for the coming year.

 

Our Panel of Experts:

  • Richard Meeus – Director of Security Technology and Strategy EMEA at Akamai Technologies
  • Chris Harris – Technical Director EMEA at Thales
  • Gal Ringel – CEO at Mine
  • Safi Raza – Director of Cybersecurity at Fusion Risk Management
  • Cindy Provin – Senior Vice President and General Manager of Data Protection at Entrust
  • Jamie McCann – Founder of VuePay
  • Tony Pepper – CEO of Egress
  • Joseph Carson – Chief Security Scientist at Thycotic
  • Ed Williams – EMEA Director of SpiderLabs at Trustwave
  • Adam Brady – Director, Systems Engineering, EMEA, at Illumio
  • Paul Dant – Vice President – Product Management at Digital.ai
  • Mike Wood – CMO at Versa Networks
  • Chris Strand – Chief Compliance Officer at IntSights
  • Sanjiv Cherian – Head of Business Development at A&O IT Group
  • Ross Nicol – VP EMEA of Zefr 
  • Calum Smeaton – CEO of TVSquared
  • Phil Acton – Country Manager, UK & BeNeFrance at Adform 
  • Nick Flood – Global Commercial Operations Director of Future Plc
  • Dominic Satur – VP of Business Development EU at Flashtalking
  • Filippo Gramigna – Strategic Advisor at Audiencerate
  • Jürgen Galler – CEO and Co-Founder of 1plusX
  • Pablo Dopico – Head of Brand & Agencies EMEA at VidMob
  • Amy Yeung – General Counsel & Chief Privacy Officer, Lotame
  • Dr. Chris Whittle – Founder of Q Doctor
  • Florian Malecki – International Product Marketing Senior Director at StorageCraft
  • Anurag Kahol – CTO and co-founder at Bitglass
  • Tim Bandos – CISO, VP Managed Security Services at Digital Guardian
  • Samantha Humphries – Senior Security Strategist at Exabeam
  • Jay Ryerse – VP of Cybersecurity Initiatives at ConnectWise
  • Stephen Roostan – VP EMEA at Kenna Security
  • Caroline Seymour – VP Product Marketing at Zerto
  • Simon Spring – Senior Account Director, EMEA at WhereScape
  • Thomas Cartlidge – Head of Threat Intelligence at Six Degrees
  • Terry Storrar – Managing Director at Leaseweb UK
  • Rishi Lodhia – Managing Director EMEA, Eagle Eye Networks
  • Animesh Chowdhury – Founder and CTO at Goodtill
  • Tom Gaffney – Principal Security Consultant at F-Secure
  • Ritam Gandhi – Founder and Director of Studio Graphene
  • Kaveh Cope-Lahooti – Senior Data Protection Consultant at Gemserv

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Richard Meeus – Director of Security Technology and Strategy EMEA at Akamai Technologies

 

Richard Meeus

 

“Data Privacy Day is vital to continually raise awareness of the responsibility organisations have to protect the customer data they hold and highlight the ever-growing threats of criminal hacking groups who will continue to search for ways to harvest data. With GDPR fines continually being delivered and heavy class-action suits for data breaches, in addition to the world becoming more digitally connected as a result of the pandemic, there’s never been more opportunity for hackers and more consequences for businesses.

As such, organisations can’t just focus on their own security anymore, but must ensure their third-party suppliers that connect to their network are secure too. To address this, organisations should evaluate their contacts and suppliers, especially the mechanisms granting access to systems from third parties, and frequently assess their detection and mitigation methods. So whilst the battle to protect data will remain, Data Privacy Day should be a reminder to organisations to continue the fight against criminals by regularly evaluating, analysing and updating their cybersecurity strategies.”

 

Chris Harris – Technical Director EMEA at Thales

 

Chris Harris

 

“At a time when regulators are clamping down with larger fines and attempts to put control back in the hands of citizens, Data Privacy Day is a crucial reminder for organisations to take security seriously or face the consequences. This year is even more crucial with Covid-19 driving the world online and almost every industry being forced to roll out their own digital transformation strategies to keep up with changing demands and ways of operating.

This has led to more data being produced at a time when it is at its most vulnerable with employees potentially accessing sensitive information from unsecure devices outside the company network because of new remote working policies. As companies do everything they can to get through this pandemic and start to look ahead, they mustn’t leave the back door open to hackers and ensure they protect their sensitive data at source through encryption and access management policies.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

Gal Ringel – CEO at Mine

gal-ringel

Every year, consumers around the world provide their private information to a multitude of companies across the internet as part of their day-to-day life. On average, 350 companies hold our data at any given time. Since COVID-19 came into our lives, that number increased by 55% as we all moved online; some might say it even was the most digital year ever since the internet was invented.

Many companies who didn’t have a digital presence now moved their services online to stay relevant for their consumers. This was especially true in retail. Since the pandemic, we saw a 67% increase in signups to online shopping websites with a growth of 200% in registrations to smaller/ long-tail services.

Unfortunately, these services often don’t have the right security measures in place to keep themselves and their customers’ data safe from data breaches, which could lead to increased digital risks and breaches. In 2021 we anticipate that this phenomenon of sharing personal information will increase significantly as more and more people move their lives to the internet, which will result in a massive increase in data breaches and the number of digital risks.  A clear example of this is that in the months following the Cyber ​​Monday and Black Friday shopping holidays, the personal data of 1 out of 5 people are stolen from shopping sites. Looking ahead, consumers will be more aware of who they are sharing their private information with and what the associated risks are.

Privacy has become a mainstream concern. Fuelled by an expansion in data regulations globally that provide people with data rights, many consumers now expect to have ownership over their personal data. Consumers will prefer companies that provide them with transparency, easy access, and control over their data. This means that putting data privacy as a priority will become a brand necessity in 2021. Once companies understand and implement this, they will earn a lot of trust and credibility from their customers.

We see a shift in the commitment of companies that want to provide their customers with a better experience. However, many companies still struggle to complete privacy requests and respond to data requests at scale. At Mine, we learned a lot about it as a result of facilitating more than 1,500,000 data subject requests that 130,000 consumers have sent using our service.

To solve this problem, Mine developed a B2B product that helps companies streamline their privacy rights experience so they can focus on what matters most by- their customers. So far, 500 companies have joined the service, and we see this as an upward trend. Data Privacy no longer has to be a pain but can be a business opportunity.

 

 

Safi Raza – Director of Cybersecurity at Fusion Risk Management

 

Safi Raza

 

“Cyber criminals are always ready to seize opportunities to exploit security weaknesses for monetary and disruptive gains and this year will be no different, says Safi. Following the rise of remote working due to COVID-19, we can expect criminals to continue targeting the remote workforce as an entry point to companies and sensitive data – and home network cyber risks will become greater during the year.

In response, CTOs will likely continue exploring avenues to help mitigate this risk spend more time and money on endpoint security and end-user training.

Cybercriminals are money hungry, and ransomware is lucrative. Needless to say, we can expect ransomware threats to increase. Likely ransomware targets will include hospitals and other health and research facilities, as these facilities are responsible for patients’ highly sensitive information, and any disruption can cost lives, valuable treatment time and patient data endangerment.

Criminals are likely to target these organizations because they count on healthcare leaders to pay a ransom instead of gambling with patient health and information.

We will see criminals’ continued faith in the notion that humans are the weakest link, and can expect an uptick in social engineering, believes Safi. However, as more defensive technologies integrate with artificial intelligence, bad actors find it more difficult to compromise network boundaries.

This is where the dangers of deep fakes enter. ‘Deep fakes’, are audio or video recordings that combine existing information and develop it into a new image, video, or audio recording, which can be pooled with existing tactics to cause maximum damage. For example, a criminal can look and sound like the CEO of your company, and easily trick you into approving a large payment.

Lastly, third party risks continue to grow as our reliance on vendors increases and vendor networks grow. The COVID-19 pandemic highlighted the importance of vendor management, and how the failure of one element of a supply chain – whether it’s due to a cyber-attack, pandemic or other reasons – can impair a companies’ ability to continue to service its customers.

Cybercriminals are well aware of the third-party network and will continue to target vendors’ data as a stepping stone to larger partners.”

 

Cindy Provin – Senior Vice President and General Manager of Data Protection at Entrust

 

Cindy-Provin

 

“As digital life accelerates, organizations and end-users alike demand seamless, secure experience—without putting their data, identities and privacy at risk. It is imperative that business leaders ensure that they protect consumer data with strong encryption and high-assurance, cloud-based authentication while educating their customers on data protection best practices.

Entrust offers a comprehensive portfolio of data protection solutions – and the deep crypto security expertise organizations need to minimize threats and enable a foundation of trust for digital life.”

Below is research by Entrust which highlights contradictions in consumer sentiment toward data privacy and security:

77% of consumers are concerned about their data privacy, but few are willing to change habits:

  • UK consumers are willing to trade their personal data for personalisation
  • 63% of consumers are willing to exchange personal information with an app just for some form of personalisation
  • 82% are comfortable with storing personal biometric data – fingerprints or facial scans – with apps and services
  • News stories about attacks and security breaches are leading to increased concern about data privacy for UK consumers
  • 62% said concern / awareness about data privacy has increased over the past 12 months
  • 60% of consumers credit news stories as their top reason for heightened concerns, followed by increases in targeted ads based on their online behaviour (48%)
  • Despite growing concern, UK consumers are not taking the necessary steps to protect their personal information
  • 47% don’t carefully review the T&Cs before downloading a new app
  • Why not? 70% blame the amount of time it takes to read them and 29% said they don’t understandwhat the T&Cs explain

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Jamie McCann – Founder of VuePay

 

JAMIE MCCANN

 

“Users are becoming more aware of the ways in which their data is being collected and used. As a result we are seeing more platforms and applications that give users better data control. There are now various search engines and browsers that are selling on this aspect. My belief is that moving forward, as users gain more control over their data they will have more and better opportunities to monetise it.”

 

Tony Pepper – CEO of Egress

 

Tony Pepper - CEO 0f Egress

 

“As technology changed the ways we work, organizations first looked to secure their network layer and then their application layer. 2021 will be the year we secure the human layer. Remote working has amplified insider risk in 2020.

Most organizations rapidly went from centralized office locations that were people’s primary place of work, to their employees being scattered across states and even countries, and operating from dining tables, spare bedrooms and, for the lucky few, home offices.

Overnight, this magnified the risk that each individual poses to sensitive personal and privileged information. At the end of the day, most people are simply trying to do their jobs well and effectively – but we all make mistakes, like sending an email to wrong person or forgetting to redact non-pertinent data from a file.

When the pandemic passes, we won’t return to the old ways of working from single office locations – and securing individuals will remain a top priority for organizations in 2021 and beyond as they support flexible hybrid working between offices and homes for the foreseeable future.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Joseph Carson – Chief Security Scientist at Thycotic

 

Joseph Carson

 

“Data privacy will, and already is, evolving into a Data Rights Management issue.

Citizens’ privacy will continue to be under the spotlight in 2021. The end of privacy as we know it is closer than you may think. Privacy definitions are very different between nation states and cultures, however, one thing that is common is that privacy is becoming less and less of an option for most citizens.

In public and online, almost everyone is being watched and monitored 24/7 with thousands of cameras using your expressions, fashion, walk, directions, interactions, and speech to determine what you need, what you might be thinking, who you are going to meet, who is nearby, and even algorithms that determine what your next action might be.

Regulations will continue to put pressure on companies to provide adequate cyber security measures and follow the principle of least privilege to protect the data they have been entitled to collect or process.

I believe the big question, when it comes to data privacy, is “How is citizens’ data being used, collected and processed?” Ultimately data privacy will evolve into Data Rights Management which means rather than giving up personal data for so called free use of internet services, citizens should and can get paid for allowing their personal data to be used for marketing purposes.

It will become more about how the personal data will be used, and what monetization is resulting from the data. In the future everyone will become an influencer this difference is how much is it worth.”

 

Ed Williams – EMEA Director of SpiderLabs at Trustwave

 

Ed Williams

 

2020 was an incredibly impactful year for a number of reasons, one of which was data protection/data privacy. When I look at the work we’ve been conducting at Trustwave’s SpiderLabs, I see a specific emphasis on remote working solutions. While many organisations are being proactive with their assurance work, we’re seeing that this isn’t the case for all organisations. 

When it comes to regulations, as we begin 2021, I believe that GDPR will still have an impact in the short term, regardless of Brexit. Coupled with the digital transformation we’re seeing with organisations moving to the cloud, there are plenty of areas for organisations to come un-stuck. Businesses must be sure to remember that the cloud has a ‘shared model of responsibility’, in that both parties must ensure the security and privacy of data.

Moving forward this year, if the strategy for privacy fell under my remit within my organisation, with my penetration test hat on, I’d focus on looking to ensure that appropriate security and privacy training is given to all staff.  Given that many organisations are now working from home potentially using equipment that isn’t specifically work-related, and with threats and vulnerabilities abound, being able to identify these threats is imperative.

 Secondly, I’d focus on the data itself. Data is always valuable to the bad guys and ensuring that data is managed correctly should also be a focus. Having appropriate policy and procedures for data given the recent home working trend should be updated, with appropriate training and technical controls.

To round off, at a high level there are several broad security practices that can help with data privacy and protection however the two I’d prioritise are:  

a.      Enable multi factor authentication on services, especially those that you value, email being a good example of this, and I’d also consider using a password manager. 

b.      Always update software and operating systems to the latest versions available to prevent against the ever-growing threat of ransomware.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Adam Brady – Director, Systems Engineering, EMEA, at Illumio

 

Adam Brady

 

“With this Thursday being named as a day to recognise data privacy or data protection, it’s a great reminder that data protection should be something that should be a top priority for organisations every single day. And a big part of that should be stopping the spread of breaches to prevent access to PII. 

Ransomware is in the news almost daily, and that’s only going to continue for the foreseeable future. Organisations need to take the more pragmatic approach of assuming breach and consequently maintain an ongoing focus on protecting the data they store. Privacy and consumer data is such a high-value currency that if an attacker knows what they have, they’ll exploit it for every last penny.

For organisations looking to secure PII, micro-segmentation as part of a Zero Trust approach is a critical control. Traditional segmentation of the network is no longer enough to prevent the kind of lateral-movement-based threats we see.

Forward thinking enterprises need to be thinking about visibility, and micro-segmentation – where they can easily isolate high-value applications and environments, prevent lateral movement, enforce granular security policies, and apply the Zero-Trust posture of “never trust, always verify”.

Although we hope measures are already in place, today is a good reminder for organisations to pause, take stock and ensure they are protecting data to the best of their ability.”

 

Paul Dant – Vice President – Product Management at Digital.ai

 

Paul Dant

 

“Companies that require access to our data need to take responsibility and ensure they are putting all the relevant measures in place to secure this data as much as they possibly can. Apps often hold the most amount of data and they are tools everyone around the world uses every single day so we need to start at the beginning of this process and consider how we can ensure data privacy when handling applications.

Any company that requires its customers to use an app needs to implement Agile development methodologies with a DevSecOps model, leading to system security with operational visibility, that can identify and thwart hackers from attacking and disrupting the privacy of the company’s data.

Allowing the entire software development team to have a fully integrated view into the product development lifecycle and allowing them to have the understanding and knowledge of the importance of securing and testing a device will go a long way in helping organisations do their utmost to providing excellent data privacy.

This will ensure the company are on track to achieving their business outcomes because consumer trust is intact and their customers are retained – with the proper security measures in place, the chance of a data breach is less likely and therefore, their data remains secure and private and the integrity of the company itself remains intact.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Mike Wood – CMO at Versa Networks

 

Mike Wood

 

“We anticipate some drastic changes to the world of work as companies re-evaluate their use of traditional workspaces. With this in mind, organisations that have managed to scrape by on ill-suited and outdated remote working set-upsneed to take the opportunity to adapt their operations with a more long-term strategy. 

To enable a hybrid workforce, security is key, and integrating solutions such as SASE which includes services such as Secure SD-WAN, SWG, ZTNA, and segmentation, will allow the best security practices an organisation can put in place. Investing in and implementing solutions that can ensure privacy of your remote worker’s data is key this year and going forward because who knows how long we’re going to be in a situation where companies are supporting a hybrid workforce.”

 

Chris Strand – Chief Compliance Officer at IntSights

 

Chris Strand

 

“On Data Privacy day there are many perspectives on the protection of data that come to mind. I believe that an important example to focus in on is the rate of change that the world has experienced recently, and how that change has affected the value of data. Recent world events have accelerated the focus, concern, and value of data at all levels.

For example, the recent departure of the UK from the EU means that individuals and businesses alike, need to understand that the EU GDPR no longer applies to the UK.  That said, the Data Protection Act 2018 (DPA 2018) continues to apply for the UK, and it incorporates provisions of the EU GDPR with some adjustments and amendments that apply to the UK only.

For companies dealing with the EU-UK change, there are still many standard best practices to follow in order to protect consumer and personal data for the UK.  There is no need to change these standards under the UK DPA 2018 as the rules that have been put in place for the GDPR will help ensure that companies are complying with data protection.

UK companies should still strive to practice minimal data collection, and only collect the data they need in order to conduct business-as-usual activities.  With the change, now would be a good time for UK companies to revisit their operational policies as they pertain to data use within their business.

A good understanding of the BAUs will enable UK companies to limit the data required to conduct business just as it always has under the umbrella of the GDPR. UK companies may also want to consider a review of their customer consent policies and ensure that they are up to date for any data collection activities that they have in place or intend on modifying.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Sanjiv Cherian – Head of Business Development at A&O IT Group

 

Sanjiv Cherian

 

“As businesses and their employees have adapted to the need to work from home, for many organisations the question on how to secure their networks and ensure the integrity and protection of their critical information and data is one that many may now believe they have solved through the implementation of a variety of tools and solutions such as SD-WAN, VPNs, 2FA and a myriad of other products.

Yet, there is a threat that many won’t have considered and is, to a degree, slightly out of their hands – IoT and smart devices in the home that are all connected to the same WiFi.

While a connected fridge, for example, may not seem like the most obvious threat to data and an individual’s privacy, these kinds of devices don’t tend to have a high-level of security built in from the outset.

This means that once deployed and installed within a home, they aren’t held to account in the same way our computers and mobile devices are with regular patches and software updates automatically being pushed through.

As a result, these devices are the equivalent of an open backdoor for even the lowest skilled hacker, providing them with the means to get onto the network and stealthily move laterally until they find the data they are seeking and a whole lot more. While some of the onus should be placed on manufacturers of smart devices to ensure security is a priority, it is also important for organisations to make their employees aware of the potential threat to their privacy and data.

If employees are to host everything on the same home network, organisations must enforce stricter security policies and practices to ensure that the business network is sufficiently segmented and protected from threats.”

 

Ross Nicol – VP EMEA of Zefr 

 

Ross Nicol

 

“Conversations around data protection and privacy have gained considerable momentum over the last year, with tougher browser restrictions and consumer concern over the use of their personal data hitting the headlines. Advertisers are therefore re-evaluating how they target consumers online in the long term, ahead of a cookie-less future.

Contextual ad-targeting tools are fast adapting to the more nuanced needs of brands, who are increasingly unsatisfied with the limited engagement traditionally achieved through the use of block lists – despite the brand safety benefits.

Today, there exists a greater understanding about finding a balance between brand safety and data privacy, and maximising reach and ROI. A focus on finding placements that are suitable for ads rather than overzealous constraints on inventory has proven to be a highly effective means of low-risk targeting. 

What’s more, the application of brand suitable targeting technology doesn’t always have to leverage personal data and third-party cookies in order to be effective.

Instead, we are seeing other robust measures emerge, such as additional reviewing processes utilising human cognition and machine learning; allowing for relevant advertising based around content, rather than relying solely on user preferences.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Calum Smeaton – CEO of TVSquared

 

Calum Smeaton

 

“With viewers watching across different platforms and devices, “TV” is now the convergence of linear and OTT – it’s a digital channel. The information available through smart TVs, subscription services and other platforms also makes the TV industry an important player in the move toward greater protection of personal data. Encompassing linear and streaming, TV is in a unique position to lead the narrative around consumer choice and control, as well as the way data, especially personal information, is managed, processed and accessed.” 

 

Phil Acton – Country Manager, UK & BeNeFrance at Adform 

 

Phil Acton

 

“Chrome’s plan to switch off third-party cookies in the name of user privacy is definitely starting to loom on the horizon with the initial two-year window it suggested meaning sometime towards the end of 2021.

Without a sustainable identity solution to replace the cookie when Google makes the change, large parts of the advertising ecosystem will cease to function as they do today. This year’s Data Privacy Day is a stark reminder that the industry has less than a year to scale a viable solution.

There is a lot of noise around identity, but now is the time to stop talking and take action – we must collaborate to achieve a future-proof solution to the identity crisis.  Consumer-facing parties that can directly collect user consent and create first-party or log-in IDs provide the answer – it cannot be solved by intermediaries who only provide a technology or solution layer.

With log-in IDs a challenge to scale, first-party IDs are the most effective way to utilise identity solutions, while still maintaining user privacy.   

At the end of 2020, the industry took a significant step forward with the announcement of the general availability of a neutral, community-owned, open-source identifier known as SharedID, which provides the first real substitute for the third-party cookie.

Adform’s approach is to be agnostic in terms of working with all IDs, but we are fully supportive of the SharedID as an identifier and were one of the first providers to go live with it. That said, with other viable identity solutions likely to emerge, the industry needs fully flexible technology stacks that enable transactions on all compliant IDs without prejudice to one or the other.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Nick Flood – Global Commercial Operations Director of Future Plc

 

Nick Flood

 

“Last year the advertising industry saw the GDPR’s second anniversary, witnessed Apple diminish its IDFA, and started to prepare for Google’s impending removal of the third-party cookie from Chrome. Clearly, data protection will, and must, remain a priority in 2021.

As the industry grapples to truly progress and stay ahead of upcoming privacy regulations, publishers and brands must proactively provide clarity and transparency to their readers through a fair value exchange; providing them with relevant, engaging experiences in return for their data. 

Digital publishers must prioritise the diversification of their monetisation strategies and seek alternative ways to support both advertiser and reader needs, such as utilising first-party data, adopting universal IDs or exploring ecommerce and subscription-based content.

Meanwhile, brands striving to deliver tailored and effective campaigns should look to transform their business models by utilising data-driven insights and building strong media partnerships. Only then can publishers and brands help build a sustainable ecosystem with privacy at its core, while giving consumers quality experiences and complete control over their data.”

 

Dominic Satur – VP of Business Development EU at Flashtalking

 

Dominic Satur

 

“Without doubt data privacy is one of the most important conversations happening in digital marketing in Europe right now. Factors including Schrems 2, the GDPR, and the IAB consent framework have kept questions of data usage front and centre for some time now, and they will remain front and centre for some time still.

Ultimately, lawmakers will determine what is and isn’t permissible, but as an industry, and as individual platforms, our job is to go beyond the letter of the law and design our processes around the spirit behind it.  We must balance real consumer privacy concerns with the need for targeted advertising – both to enable content creators to monetize and to enable marketers to deliver tailored experiences. 

Despite a lot of fear and uncertainty within the ad industry over the past few years, I believe that we can indeed find this balance. For example, while some aggressive practices more closely associated with performance marketing might diminish in importance in the privacy-first world, others with perhaps more of a focus on creativity and brand building might flourish in their place. One way or another, marketers and their partners will find a way.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Filippo Gramigna – Strategic Advisor at Audiencerate

 

Filippo Gramigna

 

“Data Privacy Day 2021 feels more important than ever before, coming amidst a tidal wave of changes around the privacy landscape. Cookies are still expected to be on their way out, but already in 2021 we are seeing changes in the conversation, brought on by several global regulatory investigations into competition concerns.

With the increasing number of privacy committees and guidelines – from the CCPA and NYPA in the US, to the IAB TCF v2 framework in Europe, as well as the DMA, DSA and ePrivacy regulation –  there is a growing need for data players to take a more localised approach to their data assets on a regional or country basis.

By doing this they reduce the increasing risk of non-compliance and maximize the use of data to the extent permitted by the law. 

As the industry adapts to regulations and plans beyond the third party cookie, there will be a growing focus on first party data; brands and publishers can expect evolved solutions  that can help and support them through the data onboarding, modelling, activation and analytics stages, all in one centralised platform.

Of course, the post-cookie landscape is still developing, but being able to utilise tools like these could provide a surefire way to activate and act upon granular data, in addition to the rise of contextual targeting. The demise of the cookie doesn’t mean the end of user targeting, it signals a new opportunity for data activation with privacy at its core.”

 

Jürgen Galler, CEO and Co-Founder of 1plusX

 

Jürgen Galler

 

“The shift from cookie-based targeting reaffirms the industry’s efforts to keep consumers in control over their data, and businesses that prioritize compliance through their offering will be better placed to build trustworthy relationships with their consumers.

Strengthening first-party data strategies and processes will be crucial in a cookieless environment. This includes ensuring transparent mechanisms for user consent are in place and leaning on technologies that can secure the integrity of data collection and sharing through best practice such as anonymization, making sure that different data sets are not merged and are fully traceable by their sources.

Ultimately, consumer data is a vital commercial asset for every organization that operates in the digital space, and safeguarding this asset is not only a necessity from a “good business” perspective but also for supporting a more responsible and accountable approach to digital innovation.”  

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

 

Pablo Dopico – Head of Brand & Agencies EMEA,VidMob

 

Pablo Dopico

 

“With IDFA now officially opt-in, mobile advertising will be challenged. When users are given the option, most are likely to choose not to be tracked, so creative will have to work a lot harder to connect emotionally with audiences and trigger actions. Even with anonymised data, technology can help us understand which emotions are driving the best performance and react quickly to make sure brands hit the right tone with relevant targeting, while respecting privacy preferences.

In an age of increased data privacy, the hallmark of 2021 will be rapid acceleration of creative measurement technology, as marketers look to optimize ad design to drive ROI gains.” 

 

Amy Yeung – General Counsel & Chief Privacy Officer, Lotame

 

Amy Yeung

 

“Data Privacy Day offers a good time to reflect and rethink. The increased advocacy and education of data privacy worldwide deserves celebration, but, our policies are creating unintended outcomes. The emphasis on consumer consent, while good intentioned and important, neglects to account for the operational aspects of data definitions, collection and combination. This is where we’ve lost the plot as a privacy community. Disclosures don’t change industry behavior nor do they make it easier for consumers. We need more voices in our debate, outside the legal community, and within and across businesses to make real change and do right by consumer privacy.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Dr. Chris Whittle – Founder of Q Doctor

 

Dr. Chris Whittle

 

“At Q Doctor patient data security and confidentiality is a constant priority for us.

We ensure our systems are robust and are regularly stress tested against potential cyber attacks. We use both internal and external testing with third party penetration testing.My advice to other companies holding data is to continuously stress test your systems and to follow your industry best practice guidelines.

At Q Doctor as well as constant security testing we follow the frameworks, accreditations and toolkits led by the NHS; namely the Data Security and Protection Toolkit and Cyber Essentials Plus, which is an information governance accreditation that we have achieved. It is because of our trusted security processes  that Q Doctor has passed NHS Digital’s stringent assurance process and is now under a national contract, funded for use by GP practices and their Primary Care Networks nationwide.

Our system is recognised as being so secure that it has been selected not only in healthcare situtaions but for local government too. During lockdown Stephen Timms MP’s office selected Q Doctor to host surgeries with constituents as he could be confident the conversations would be 100% confidential between the call participants and the MP’s office.”

 

Florian Malecki – International Product Marketing Senior Director at StorageCraft

 

Florian Malecki

 

“Investing in a ransomware strategy isn’t just a practical decision; it’s an essential one. While insurance can help if the worst happens, what happens to your reputation? What would your clients and prospects think? Rather than become a victim, take proactive measures now, so you never end up being held up by criminals.

The following are steps business leaders should consider to ensure their business has comprehensive ransomware protection.

  1. Ransomware and Security Audit

Any one of dozens of service providers can audit your business. Their services might range from penetration testing to vulnerability risk assessments and more. Look into working with an outside expert that helps you identify vulnerabilities your team might not be aware of. You might have more exposure to risk than you realise.

  1. Data Protection Strategy

If you had your company audited by an outside firm (step one), you should now have a detailed list of security issues you can address. It might be as simple as upgrading to a newer and more sophisticated firewall, spam, antivirus, and backup solutions for many companies. For others, it could instigate a complex process involving a network infrastructure overhaul, new hardware, and more. If you and your team aren’t sure how best to proceed, consider working with an IT managed service provider who can do all the heavy lifting. Companies like these can also offer ongoing support and maintenance for your crucial systems.

  1. Educate End-Users

The most iron-clad software and hardware is of no help if an employee is careless. Part of your strategy should include a plan for helping your users spot and avoid ransomware. Many businesses hold mandatory quarterly security seminars where admins help employees understand various types of cyber-attack.

  1. Backup and Disaster Recovery Plan

Most businesses have data backups, but few have a plan for restoring data should something go wrong. Be sure your team has established recovery objectives. That helps your business determine RTOs (recovery time objectives) that define how quickly systems must go back online if there’s an issue. It also establishes how much data your business can stand to lose if there’s a hardware failure, ransomware, or another issue (RPO or recovery point objectives). These metrics help your team develop a strategy that keeps downtime and data loss costs to a minimum.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Anurag Kahol – CTO and co-founder at Bitglass

 

Anurag Kahol

 

“This past year marked a pivotal change in how companies conduct business, with most being forced to rapidly shift to a remote work style of operations due to the global COVID-19 pandemic.

Now that we have begun to see distribution of the vaccine, some may think it’s only a matter of time before “normal” in-office work resumes. However, that is not likely to be the case. Instead, we are going to see a permanent blend of remote and in-office work, as well as mobile employees whose workspaces are constantly changing.

Unfortunately, many organisations lack the ability to achieve the above, and are relying on outdated tools that are designed for predominately on-premises operations and lack the granularity needed today.

To address these challenges, there are a few steps that must be taken. First, organisations must have an accurate inventory of data. This step is critical for adhering to data privacy regulations including GDPR and CCPA, because if companies don’t know the information they have or where it is going, then they cannot properly protect it.

What’s needed is a set of comprehensive activity logs that track all file, user, app, and web activity to reveal everything that is happening with consumers’ data.

Next, companies need to protect access to consumer information as well as the various systems that store it. This can become more challenging for improperly equipped organisations that adopt cloud technologies and other remote work capabilities, as consumer data can then potentially be accessed across numerous applications and on various devices.

To address this problem, organisations can require that employees attempting to access consumer data are authenticated via single sign-on (SSO) as well as multi-factor authentication (MFA). This will aid in ensuring that only legitimate, authorised users can handle consumer information.”

 

Tim Bandos – CISO, VP Managed Security Services at Digital Guardian

 

Tim Bandos

 

“Data is the lifeblood of most modern companies and the long-term negative impact on those who suffer breaches demonstrates just how serious the issue of data loss has become today. And for those of us who are now working from home, the threat level posed by the blurred lines of using personal devices to respond to work emails, or using our work laptop to buy something online, has increased exponentially.

“With such a high volume of data flowing in and out of businesses every day, effective data protection strategies must embrace the following: 1) visibility to all data, all the time; 2) analytics to understand and manage risk; 3) controls to enforce data protection policies and 4) a consolidated view into all threats targeting sensitive data.

“Taking a comprehensive approach while implementing cybersecurity controls is imperative for protection, especially when it comes to sensitive and valuable customer or financial information. Fundamentally, what we’re talking about here is no-compromise data protection for your no-compromise organisation.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Samantha Humphries – Senior Security Strategist at Exabeam

 

Samantha Humphries

 

This Data Protection Day, HR and IT teams should collaborate to understand what data their company is monitoring, and why. Transparency is key where data monitoring is concerned, and companies should aim to craft policies that are easily accessible.

Clear, concise and jargon-free communication will be valued by employees, especially if they are provided with an appropriate point of contact for questions. This best practice will pay dividends, as everyone wishes to work with organisations that respect the privacy and security of their customers and employees.

Whilst not all companies are required to comply with data privacy laws like GDPR or CCPA, they should still follow data protection competencies. It is good practice for organisations to question: Is data monitoring lawful and fair? Will it be used for a specific purpose? Are reasonable steps being taken to erase or rectify data? Is data deleted once it is no longer necessary? And is data being appropriately secured?

To maintain effective privacy, organisations should also make sure they continually educate themselves on new policies, practices and laws. This is especially important this year with the added

challenge of remote workforces; privacy due diligence may have fallen to the wayside amid the disruption of the last twelve months. Only by keeping privacy at the top of the agenda can companies confidently reassure employees their data is secure and protected.”

 

Jay Ryerse – VP of Cybersecurity Initiatives at ConnectWise

 

Jay Ryerse

 

“The age of data privacy and security is now. We are continuing to educate colleagues and our customers that data privacy should be built into everything we do. Service providers need to fully immerse themselves into the threat landscape and the best practices associated with securing data. Without cybersecurity, there is no such thing as privacy. This deep dive includes the governance aspect of data protection as well as the technical and physical controls necessary for the confidentiality, integrity, and availability of data.

Consumers and businesses need to start asking the tough questions of their vendors. They need to understand the supply chain for the services they outsource and what those companies are doing to provide the best in class cybersecurity protections. If those vendors don’t believe they are at risk, then it may be time to find a new provider.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Stephen Roostan – VP EMEA at Kenna Security

 

Stephen Roostan

 

“There are few organisations that don’t understand the importance of data protection – but when it comes to fighting the tsunami of security alerts thrown at them every day, many security and IT departments are simply overwhelmed. In 2020 alone there were some 18,000 new vulnerabilities published. For overstretched and often under-resourced teams, it’s often a case of too much, too fast, no time.

However, all is not lost. What’s needed is context. For example, of the 18,000 vulnerabilities published last year, less than 500 had exploits out in the wild. And not all vulnerabilities carry the same risk. A vulnerability that carries risk to one organisation could be harmless for another. The impact for every company is akin to a person’s DNA. It’s totally unique.

The answer is to determine what risk tolerance your organisation is prepared to accept and empower IT teams to prioritise fixing the vulnerabilities that pose the most serious risk to their IT environment. It’s impossible to fix every vulnerability – that’d be similar to boiling the ocean.

The trick is to use data science and predictive modelling to understand where to focus your efforts. Accuracy and speed are paramount. Pinpointing the highest priority vulnerabilities and tackling those first will minimise the risk of cyber criminals compromising sensitive and confidential data.”

 

Caroline Seymour – VP Product Marketing at Zerto

 

Caroline Seymour

 

“Data Protection Day this year marks the 40-year anniversary of the 1981 Council of Europe treaty that established the first binding international instrument protecting individuals against abuses around the collection and processing of personal data.

As we move into 2021, the rights this treaty established are more important – and higher up the corporate agenda – than ever before. With the accumulated digital universe of data now upwards of 44 zettabytes – or 40 times more bytes than stars in the observable universe – and growing more than 10 times every year, protection should be the mandatory starting point for any interaction involving data.

For businesses, this means ensuring the right tools are in place to protect and secure personal data from disruption – whether that’s avoiding outages and downtime that could expose data or preventing unauthorised access by third parties.

Take, for example, the recent malware attack on SolarWinds. According to Reuters the attack went undetected for months and left not only the company, but also its Fortune 500 clients’ and a number of national government’s data exposed.

A robust data protection strategy – including continuous availability as well as application and data mobility – Is essential in the digital, data-driven age we now live in. Together, these two critical elements will ensure your organisation can withstand any disruption and keep your data and applications truly protected.

Combine these with a platform based on a foundation of continuous data protection, visibility through analytics and full automation and orchestration, and your organisation will have all the elements required to proactively secure your data and applications.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Simon Spring – Senior Account Director, EMEA at WhereScape

 

Simon Spring

 

“When it comes to data protection and complying with regulations, such as GDPR, the only surefire way to protect the integrity of your data assets and customer information is by having total control and visibility of your data. Knowing where your data sits, how it’s being used and who has access to it is fundamental in strengthening your defenses when it comes to protecting one of your most valuable assets.

But where do you start? It has proved a challenge for many security teams, particularly in organisations where manually processing huge amounts of information effectively can be time-intensive, and error-prone. This is why organisations should not overlook the potential of Data Automation as a way of delivering significant value. When it comes to regulatory compliance, it can knock months or even years off your project time and reduce the risk of your organisation being in breach.

Automation software can help an organisation deliver on the key requirements of GDPR whilst also unburdening employees, helping them to do their jobs better, and allowing them to focus on more value-add tasks.

In 2020, we saw unprecedented challenges from a data privacy perspective. There were 331 data breach notifications per day across Europe – a 19% increase on 2019 – with the UK ranking second-highest for the total value of fines for data protection violations. There needs to be a shake up in priorities and how business leaders approach their responsibilities for data security. Automated processing of data could be that change we need to see.”

 

Thomas Cartlidge – Head of Threat Intelligence at Six Degrees

“Stolen data continues to be huge currency for cybercriminals, who leverage it to make money on the Dark Web, extort money from victims, and launch cyber-attacks using stolen credentials. Data Protection Day highlights the critical importance of protecting your data – and the sometimes-extreme lengths cybercriminals will go to in order to steal it from you.

When it comes to the methods cybercriminals employ, phishing emails – malicious emails containing links or documents laden with malware – continue to be a prominent threat. Cybercriminals design them to evade both technical and human defences, and organisations should expect phishing to remain one of the main threat vectors that hackers use to deliver both ransomware and business email compromise (BEC) attacks in 2021.

In order to protect their data, all organisations need to know how to best defend against phishing emails. But how can you adapt? Well, point solutions are all well and good but ‘defence in depth’ can only be achieved by understanding your security posture, aligning it to your risk appetite, continually assessing it for suitability, and equipping your staff with the latest information on threats to create a phishing-savvy workforce. Get it right, and you will significantly reduce the financial, operational and reputational risks you face.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Terry Storrar – Managing Director at Leaseweb UK

 

Terry Storrar - Managing Director at Leaseweb UK

 

“Now that Brexit has moved on to the next phase of maturity, I believe we should continue to see more clarity and comfort in terms of how data is managed and protected as it enters, or leaves, the UK. As with any change, it is very important to ensure you’re familiar with new languages and/or terminology that may be used in the EU and UK, to ensure a solid understanding of all implications.

Rather than following one set of GDPR rules, we will certainly have to consider both UK and EU regulations to make sure that contracts reference the correct and most appropriate terms for use. Ultimately it’s in everyone’s interest to ensure that data is protected and can flow freely in order for a business to thrive on an international stage.

The latest transition period provided an opportunity, with improved knowledge of how the future might look, to prepare. It is in nobody’s interest for organisations to be under so much red tape that they find it impossible to trade; in this regard, the upcoming adequacy assessment by the EU in respect of the UK will hopefully mean that change will be minimal and the current best practices that businesses have in place will only need minor tweaks.

The preparation that most businesses put in to prepare for GDPR will have put them on a much sounder footing to ride out these changes, and with some vigilance and continuation of the data protection measures that have been put in place, good businesses will continue to thrive.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Rishi Lodhia – Managing Director EMEA, Eagle Eye Networks

 

Rishi Lodhia

 

“Protecting sensitive data is a serious business – and those that fall foul of the rules risk not only an eye-watering fine, but reputational damage that might be impossible to recover from.

More than 90 percent of the business applications today are using cloud technology, including email, phone, backup, applications, and increasingly, video surveillance. Although these applications are all different, the common thread that binds them all is the need to protect sensitive data, whether that’s an individual’s PII (personally identifiable information), or an organisation’s IP (intellectual property).

When it comes to cloud-managed video surveillance, confidentiality, integrity, and availability of the networked systems and the data they contain are of utmost importance. But that’s not always easy to achieve as traditionally-built networked video management systems require a significant amount of highly technical configuration to operate as a cyber-secure system. However, today’s purpose-built video surveillance products are made with security pre-configured systems. They’re cyber-secure by design. Still, these systems have to be updated and upgraded, which can be a cumbersome and very manual process. When delivered ‘as a service’ instead, users can be sure that the platform is run by a professional team of experts as up to date as it can possibly be, thereby minimising the risk that sensitive data could be unlawfully accessed or worse, stolen.”

 

Animesh Chowdhury – Founder and CTO at Goodtill

 

Animesh Chowdhury

 

“The last twelve months have been a turning point for digital transformation. Particularly in the hospitality sector, organisations have needed to move fast to maintain continued operations in the face of a constantly changing business environment. For many organisations, this has meant – for the first time – deploying new software tools and platforms to facilitate click and collect, table ordering or online purchases.

For pubs, restaurants and cafes this has proven hugely successful – and not just in terms of keeping businesses afloat during the pandemic. New tools and technologies are laying a foundation for these businesses to leverage data-driven insights into customer behaviour that can drive brand awareness and build customer loyalty in the long term.

This transition will bring innumerable benefits for businesses, but it will also come with new challenges. The value this data holds and the benefits it brings also comes with a responsibility to ensure it is kept safe, protected and its use is compliant with all the relevant data protection regulations.

Managing this data can be a tough job for organisations not already familiar with protecting this kind of information, so selecting a technology partner that can help make this as easy as possible – likely by keeping customer data securely in the cloud – is crucial. Data Protection Day should act as a reminder to businesses that while keeping operational throughout the pandemic is important, customers are trusting you to protect their information with every transaction.

Data protection and compliance is a key part of long term customer loyalty. It can be complicated, but by leveraging the right technology, business owners can rest assured their data is safe and instead focus on offering the very best experience for their customers during this trying time and beyond.”

 

 

For any questions, comments or features, please contact us directly.

 

techround

 

 

Tom Gaffney – Principal Security Consultant at F-Secure

 

Tom Gaffney

“We’ve seen a huge increase in online activity since the pandemic started. Everything from shopping to schooling has migrated online and with it increased the amount of personal data online. It’s something that criminals are certainly capitalising on – stealing passwords, accessing critical accounts and taking over identities. Credit card, identity and cyber-fraud is now the biggest type of crime within the UK, making it the most likely crime the public will fall victim to. But what we find through our research is that whilst consumers are aware of the risks they’re often not doing enough to protect themselves. 

Passwords remain one of the key areas that many consumers aren’t paying enough attention to. The average person has 18 password protected accounts with 4-in-10 people using the same password on multiple accounts and 6-in-10 using the same password with only slight variations. One leaked credential could quickly lead to multiple risks for each user so I can’t emphasize enough the importance of creating, strong, unique passwords across accounts, which should be regularly changed. 

Another mistake we make online is sharing our log ins. We conducted research last year that found 42% of Brits share their streaming services with up to three people, including those outside of their own households such as colleagues and former partners.  The danger here is that your password is in the hands of someone else who may not be following best practice when it comes to data security. So, whilst it may seem like you’re doing a friend a favour, it may result in you being a victim of crime. 

Oversharing on social media also remains a way of exposing yourself. Kids’ names, birthdays, pets, anniversaries and addresses can all be common threads when it comes to passwords and sharing these online can lead to criminals accessing your accounts and data. We should all think twice about what we share and who with. Keeping on top of your privacy settings on social media is also important.  

Currently the UK is sitting on a data fraud ticking time bomb and we really want consumers to be more vigilant with their personal data to avoid falling victim to crime.”

 

Ritam Gandhi – Founder and Director of Studio Graphene

 

Ritam Gandhi

 

“Nowadays, most businesses know that data is a real animating force behind their operations. From recruitment and marketing strategies, to important decision-making about company strategy and growth, data means more to business than just number crunching. That’s why, without adequate protections in place, lost or stolen data can wreak havoc upon organisations large and small, causing significant disruptions to their day-to-day.

Particularly in the current climate, where workforces are dispersed and remote working practices typically leave employees more vulnerable to data breaches and cyber-attacks than usual, ensuring that information doesn’t fall into the wrong hands is imperative. It is therefore a relief that business leaders seem to be taking note, and are mapping out plans to bolster their cybersecurity defences this year.

Recent research commissioned by Studio Graphene has revealed that the majority (67%) of UK businesses are planning to invest more heavily in cybersecurity in the coming 12 months, as a direct result of COVID-19 and the increased reliance on technology while working from home. This is encouraging to see: after all, nobody knows when a cyber-attack might occur, and having this technology in place and at the ready can make all the difference when protecting your organisation.”

 

Kaveh Cope-Lahooti – Senior Data Protection Consultant at Gemserv

 

Kaveh Cope-Lahooti

 

THE ‘WEAPONISATION’ OF SOCIAL MEDIA AND THE DECLINE OF ONLINE TRACKING

“As the coronavirus pandemic has accelerated the prevalence of online political and commercial activity, data protection rights are increasingly being caught up in a storm of social media regulation.  companies are increasingly being asked to take responsibility for information exchanges online.

Particularly with respect to online advertising, we are already seeing big tech companies such as Apple and Facebook using privacy as a weapon to win a PR battle for users’ hearts and minds. This is evidenced in Apple’s introduction of the Identifier for Advertisers (IDFA) that will be available in the next beta software release, which will require consent for software developers to track users across their apps. This will make mobile advertising and access to data streams increasingly difficult not only for Facebook and Google, which draws their revenue from digital advertisements, but also for smaller tech players that rely on such information and tracking. Similarly,Google Chrome phasing out third party cookies by January 2022.

Nevertheless, both large and micro companies will be affected by upcoming regulatory trends. For example, the EU’s draft Digital Services Act proposes to require online platforms to provide detailed information to users any advertisements shown. This is largely a reaction to the Cambridge Analytica political advertising scandal, the wake of which has seen the ICO, several other European national regulators and US FTC issuing fines against Facebook.

Additionally, across the entire advertising ecosystem, increased regulatory scrutiny has been evidenced in the EU’s draft ePrivacy Regulation (which will harmonise strict requirements for cookie consent across the EU) and data protection authorities such as the Belgian regulator challenging the Internet Advertising Bureau’s Transparency & Consent Framework. For online advertising, this will increase the costs associated with digital advertising and make demonstrable compliance that bit harder. In particular, recent cases, such as the European Court of Justice’s Planet 49 decision and the CNIL’s action in the Vectaury case have also demonstrated supervisory authorities’ strict approach to the need for granular consent and transparency both for online advertising and profiling.

As a result, companies operating across the social media sphere will need to remain vigilant of the need for further technical tools for transparency, cookie consent signalling and user preferences to be able to navigate the regulatory quagmire whilst retaining consumer trust.”

 

 

 

For any questions, comments or features, please contact us directly.

 

techround