Across the globe, there are new regulations that are taking effect that pertain to collection, usage, retention, disclosure and personal information disposal. However, at the same time, the rate of data breaches, cybercrime and unauthorized use of personal data is increasing exponentially. It is becoming more essential for institutions and organisations that handle the personally identifiable information, health information or financial information to increasingly understand the rights of organisations and individuals with respect to personal and confidential information. Due to the rampant increase in cyber-attacks and breach of data, the European Union enforced the Global Protection Regulation (GDPR). The GDPR was set to bring transformations in protection and data security policies for major companies operating across the globe. This is in a show of the increasing need of data protection in the cyberspace and as such forms the basis for our discussion. The article will be providing an overview of cyberspace and the need for data protection in this environment.
Understanding Data Protection in Cyberspace
The process of state of protecting and recovering networks, programs, computer systems and devices from cyber-attacks and data breaches is known as cyber security. The cyber-attacks have become increasingly sophisticated and have evolved in terms of the danger to sensitive data from ranging from personal data to organization data.The cyber attackers have come up with new ways powered by artificial intelligence and social engineering that help them in circumventing the traditional security measures. With the increasing reliance on technology across the globe combined with continued reliance on internet and computer systems, there is increase in threats of cybercrime. Nation states and organisations are beginning to recognize the data protection in cyber space s being a major challenge because of its complexity in terms of politics and increasingly distributed attack surface.
Why Data Protection Is Essential
The need for data protection in cyberspace is on the rise. What is more significant is that the society and generations are becoming more dependent on technology and the trend is showing no signs of slowing. Personal data that could lead t identity theft is currently posted everywhere to the public in the different social media accounts. Sensitive and confidential information such as credit card information, social security numbers and details on bank accounts are currently stored in cloud storage services such as Google drive and drop box. Whether it’s a small business or multinational organisation or an individual, there is reliance on computer systems almost on a daily basis.
With the increase in use of cloud services, smartphones, internet and poor cloud security there are additional cyber security threats which were nonexistent in the previous decade .GDPR set up by the European Union, increase the reputation for data breaches where it forced all the organisations that operate in EU nations to communicate data breaches, anonymize data for private, creation of a data protection office and require the user consents to process information. Furthermore. in countries such as United States, there are additional laws oversee the data breach disclosures.
Rise in Cyber attacks
However, even with the regulations that have been put forward, cyber-attack has been on the rise, Information is one of the fastest growing and most expensive form of cyber-attack. It has been largely attributed the increase in the exposure of identity information to the internet through the cloud services. However, identity information is not the only target for cybercrime, industrial controls used for management of power grids and other infrastructure in organisations can be destroyed, manipulated or disrupted.
Furthermore, the cyber attackers may be interested in damaging the reputation of an organisation. The cyber attackers are becoming more equipped, transforming their target. They have come up with distinct ways of impacting organisations through different ways of attacking various security systems. Other factors that have contributed the rise in cybercrime include increase in profitability in using the dark web, proliferation of mobile devices, ability off the cyber attackers to attack targets that are out of their jurisdiction making policing extremely challenging and the distribution nature of the internet.
The cyber-attacks and data breaches can damage an individual or an organisation in different ways. Failure to have measures for data protection in the cyber space can have adverse impact on both an individual and organisation the theft of intellectual property, trade disruptions, corporate information, repaired of damaged systems are some of the economic costs that may impact an organisation that fails to adhere to cyber security measures. Organizations may also be exposed to the loss of consumer trust, poor media coverage and loss of current and future consumers which are reputational costs. Besides, individuals too can suffer from bad reputation arising from identity theft. Furthermore, there are regulatory costs which organisations may incur having experienced cybercrimes. GDPR and other regulatory authorities may impose fines and sanctions because of cyber-attacks.
Without a doubt that all organisations whether small, medium or large should ensure that they employees understand the threats or the need to for protection in the cyberspace and help in mitigating their risks. The organisations ought to include better training frameworks to work with that aim at reducing the risk of data breaches and data leaks. The nature of cyber-attacks makes it difficult to understand the direct and indirect costs of the data breaches. This creates the need for even better data security measures. The aim of data protection not only involves protection personal data but also encompass protection of the fundamental freedoms and rights of people concerning data. When protecting personal data there is a possibility of ensuring that the rights and freedoms of people are not being violated. In addition, failing to comply with the data protection laws would lead to sheer circumstances where it enables the cyber attackers to extract money and other valuable items from personal accounts. They would also cause life threatening situations by manipulation of confidential health information. Data protection measures play a vital role in ensuring fair and consumer friendly business and provision of services. For instance, data protection ensures that personal data cannot be sold freely which makes persons have a better control over the offers the make and who can create offers for them. It is important that one ensures data they are using is secure by knowing the data being processed and why it is processed and the grounds for processing. It is essential to know the security or protection measures in place.
legislative framework”, available at http://www.eajournals.org/wp-content/uploads/Regulations-or-Legislation- for- Data-Protection-in-Nigeria.pdf  Ibid.  Supra note 1.  Weiser P, Scheider S, “A civilized cyberspace for geoprivacy. InProceedings of the 1st ACM SIGSPATIAL international workshop on privacy in geographic information collection and analysis”, 2014 Nov 4 (pp. 1-8).  Dalal, Peter, “Data protection law in India: The TRIPS perspective”, available at https://www.semanticschol ar.org/paper/Data-Protection-Law-in-India%3A-The-TRIPS-Perspective Dalal/cf4c3e6d97b7053491ebfbcb5 186b4c8bddcb837.  Ibid.  Supra note 5.  Cate Fred, “The EU data protection directive, information privacy, and the public interest”. Iowa L. Rev… 1994; 80:431, available at https://www.repository.law.indiana.edu/cgi/viewcontent.cgi?article=1647&context=facpub.  Supra note 8.  Supra note 9.
Author Details: Prachi Shah (LL.M., The George Washington University Law School)