Need for Data Protection in Cyberspace

Across the globe, there are new regulations are taking effect that pertain to collection, usage, retention, disclosure and personal information disposal. However, at the same time, the rate of data breaches, cybercrime and unauthorized use of personal data is increasing exponentially.

It is becoming more essential for institutions and organisations that handle personally identifiable information, health information or financial information to increasingly understand the rights of organisations and individuals with respect to personal and confidential information[1].

Due to the rampant increase in cyber-attacks and breaches of data, the European Union enforced the General Protection Regulation (GDPR). The GDPR was set to bring transformations in protection and data security policies for major companies operating across the globe. This is in a show of the increasing need for data protection in cyberspace and, as such, forms the basis for our discussion. The article will provide an overview of cyberspace and the need for data protection in this environment.

Understanding Data Protection in Cyberspace

The process of state of protecting and recovering networks, programs, computer systems and devices from cyber-attacks and data breaches is known as cyber security. The cyber-attacks have become increasingly sophisticated and have evolved in terms of the danger to sensitive data from ranging from personal data to organization data.[2]

The cyber attackers have come up with new ways powered by artificial intelligence and social engineering that help them in circumventing traditional security measures. With the increasing reliance on technology across the globe combined with continued reliance on internet and computer systems, there is an increase in threats of cybercrime.[3] Nation states and organisations are beginning to recognize that data protection in cyberspace is a major challenge because of its complexity in terms of politics and increasingly distributed attack surfaces.

Why Data Protection Is Essential

The need for data protection in cyberspace is on the rise. What is more significant is that society and generations are becoming more dependent on technology, and the trend is showing no signs of slowing. Personal data that could lead to identity theft is currently posted everywhere to the public in the different social media accounts.[4] A compelling case study from Documo highlights how easily sensitive information can be compromised, even when basic security measures are in place. This real-world example underscores the urgent need for robust cybersecurity protocols to safeguard personal and corporate data. Sensitive and confidential information such as credit card information, social security numbers and details on bank accounts are currently stored in cloud storage services such as Google Drive and Dropbox. Whether it’s a small business or multinational organisation or an individual, computer systems are relied on almost daily [5].

With the increase in the use of cloud services, smartphones, internet and poor cloud security, there are additional cyber security threats which were nonexistent in the previous decade. GDPR set up by the European Union increased the reputation for data breaches where it forced all the organisations that operate in EU nations to communicate data breaches, anonymize data for privacy, create a data protection office and require user consent to process information. Furthermore, in countries such as the United States, there are additional laws overseeing data breach disclosures.[6]

Rise in Cyber attacks

However, even with the regulations that have been put forward, cyber-attacks have been on the rise. Information is one of the fastest growing and most expensive forms of cyber-attack. It has been largely attributed the increase in the exposure of identity information to the internet through the cloud services. However, identity information is not the only target for cybercrime; industrial controls used for the management of power grids and other infrastructure in organisations can be destroyed, manipulated or disrupted.[7]

Furthermore, the cyber attackers may be interested in damaging the reputation of an organisation. The cyber attackers are becoming more equipped, transforming their target[8]. They have come up with distinct ways of impacting organisations through different ways of attacking various security systems. Other factors that have contributed to the rise in cybercrime include an increase in profitability in using the dark web, proliferation of mobile devices, ability off the cyber attackers to attack targets that are out of their jurisdiction, making policing extremely challenging and the distribution nature of the internet.[9]

The cyber-attacks and data breaches can damage an individual or an organisation in different ways. Failure to have measures for data protection in the cyber space can have an adverse impact on both an individual and organisation. The theft of intellectual property, trade disruptions, corporate information, and repair of damaged systems are some of the economic costs that may impact an organisation that fails to adhere to cyber security measures. Organizations may also be exposed to the loss of consumer trust, poor media coverage and loss of current and future consumers, which are reputational costs[10]. Besides, individuals, too, can suffer from a bad reputation arising from identity theft. Furthermore, there are regulatory costs which organisations may incur having experiencing cybercrimes. GDPR and other regulatory authorities may impose fines and sanctions because of cyber-attacks.

Conclusion

Without a doubt that all organisations, whether small, medium or large, should ensure that they employees understand the threats or the need for protection in the cyberspace and help in mitigating their risks. Organisations ought to include better training frameworks to work with that aim at reducing the risk of data breaches and data leaks.

The nature of cyber-attacks makes it difficult to understand the direct and indirect costs of data breaches. This creates the need for even better data security measures.[11] The aim of data protection not only involves the protection of personal data but also encompasses the protection of the fundamental freedoms and rights of people concerning data. When protecting personal data, there is a possibility of ensuring that the rights and freedoms of people are not being violated.

In addition, failing to comply with the data protection laws would lead to circumstances where it enables the cyber attackers to extract money and other valuable items from personal accounts[12]. They would also cause life-threatening situations by the manipulation of confidential health information. Data protection measures play a vital role in ensuring fair and consumer-friendly business and provision of services.

For instance, data protection ensures that personal data cannot be sold freely, which gives people better control over the offers they make and who can create offers for them.[13] It is important that one ensures the data they are using is secure by knowing the data being processed and why it is processed and the grounds for processing. It is essential to know the security or protection measures in place.[14]

References

[1] Gandy Junior OH, “ Consumer protection in cyberspace. Triple: Communication, Capitalism & Critique”, available at https://www.triple-c.at/index.php/tripleC/article/view/267.

[2] Weiser P, Scheider S, “A civilized cyberspace for geoprivacy. In Proceedings of the 1st ACM SIGSPATIAL international workshop on privacy in geographic information collection and analysis”, 2014 Nov 4 (pp. 1-8).

[3] Ibid.

[4] Supra note 2.

[5] Jemilohun B Oz, Akomolede TI, “ Regulations or Legislation for Data protection in Nigeria? A call for a clear
legislative framework”, available at http://www.eajournals.org/wp-content/uploads/Regulations-or-Legislation- for- Data-Protection-in-Nigeria.pdf

[6] Ibid.

[7] Supra note 1.

[8] Weiser P, Scheider S, “A civilized cyberspace for geoprivacy. In Proceedings of the 1st ACM SIGSPATIAL international workshop on privacy in geographic information collection and analysis”, 2014 Nov 4 (pp. 1-8).

[9] Dalal, Peter, “Data protection law in India: The TRIPS perspective”, available at https://www.semanticschol ar.org/paper/Data-Protection-Law-in-India%3A-The-TRIPS-Perspective Dalal/cf4c3e6d97b7053491ebfbcb5 186b4c8bddcb837.

[10] Ibid.

[11] Supra note 5.

[12] Cate Fred, “The EU data protection directive, information privacy, and the public interest”. Iowa L. Rev… 1994; 80:431, available at https://www.repository.law.indiana.edu/cgi/viewcontent.cgi?article=1647&context=facpub.

[13] Supra note 8.

[14] Supra note 9.

Author Details: Prachi Shah (LL.M., The George Washington University Law School)