Data Privacy and Security: Bridging the Gap
Posted January 28, 2016
Facilitating shared intelligence in an increasingly strict data privacy landscape.
Happy Data Privacy Day!
Coordinated by the National Cyber Security Alliance, this is held every year to raise awareness and empower businesses and individuals to better protect their privacy. However, with data breaches hitting the headlines with increased regularity and EU reforms promising wide-reaching and global implications, this falls at a time when data privacy is already front and center of the news agenda.
In our post-breached world, data privacy is more important than ever. It’s crucial that users feel they can trust the businesses they transact with to keep their data safe. The onus is on organizations to ensure their data privacy and security strategies are as robust as possible.
Data protection is currently a popular topic in fraud and security departments worldwide. The European Commission is aiming to strengthen and simplify current data protection laws with the reformed General Data Protection Regulation (GDPR). The regulation is more comprehensive in its scope and covers all businesses that hold or process personal data in the EU- having implications for businesses the world over.
Organizations far and wide are being forced to prioritize data protection. This is increasing the burden on already stretched operational resources.
At the same time, the cyber-landscape is looking increasingly sinister. For example ThreatMetrix recently reported a 80% year-on-year rise in fraud attacks in their recent Cybercrime Report. Organized crime rings leverage the latest tactics and fraud exploits to perpetrate attacks on businesses across the globe. Following high-profile data breaches, sensitive identity information can easily be bought and sold on the dark web. Businesses are under more pressure than ever to protect customer data while ensuring that they are detecting fraudsters using stolen and spoofed identities.
The Data Protection vs. Security Paradox
In the realm of IT security, it is ironic that technologies and solutions which are designed purely to keep data safe and secure can be perceived to be at odds with data protection laws. By far the most effective way to deliver many security solutions is “as-a-service”. However, sharing sensitive and personally identifiable data over “the cloud” can make privacy experts extremely nervous.
With fines of up to 4% of global revenues for non-compliance of the GDPR, businesses are understandably becoming increasingly risk averse. Rather than adopting the best-in-class solutions that security teams are asking for, they instead look to old-school on-premise or in-house solutions. It may be more cumbersome and time-consuming, but it feels safer. The question remains; is there a better solution? One that can leverage global shared intelligence to detect and prevent fraud without breaching data privacy?
Business must be able to transact quickly and securely online, and to distinguish fraudulent behavior from trusted user behavior in real-time. The only effective way to do this is for businesses across the globe to share real-time intelligence on fraud and cyberthreats- yet privacy needs to be addressed before this approach can be truly embraced.
Anonymized Global Shared Intelligence
This is where the concept of anonymized global shared intelligence comes in. In the ThreatMetrix solution, for example, we are able to analyze millions of daily consumer interactions including logins, payments and new account applications without even touching any personal data.
ThreatMetrix builds a unique digital identity for every user by analyzing the myriad of connections between devices, identity information, behavior and threat intelligence.
However, our cloud-based solution anonymizes personal information such as name and email address, meaning businesses can make connections between devices and transactions without sharing this PII.
When a new organization joins The Digital Identity Network data remains theirs. The only data that ThreatMetrix handles is anonymous and encrypted, and the encryption key remains firmly in the hands of our customers. We employ secure one-way salt-hashing before storing this encrypted data in order to prevent reverse engineering, and then this is stored in local data centers in America, Asia or Europe.
In short, to leverage the latest and greatest in technology innovations- in order to meet business critical objectives such as transacting quickly and securely with digital customers- it is crucial that organizations remain in full control of their consumers’ data. By working with third parties that adopt an anonymized approach to handling personal data, organizations can effectively bridge the gap between security and privacy.