With the world becoming increasingly connected to the internet, incidents of theft or accidental leaks have become common. Each country has adopted its own laws and guidelines in case of leaks or theft of sensitive personal information online.

Recent cases like the one involving several companies such as Netflix, LinkedIn, Last.fm and others in 2017, where a file was found that brought together more than 1,4 billion pieces of information of users organized alphabetically and frequently updated by hackers.

These events raise concerns and questions about the role of companies and the government in the proper management of this information, and whether these laws and practices are effective. Experts and business leaders pointed out the main challenges and possible solutions to the problem on the website. TechRepublicAnd you can check out the notes below!

Constant conflicts

Rina Shainski, president and co-founder of Duality Technologies, says the main challenge is the constant conflict between the public and private sectors.

“This constant concern has grown significantly in the context of the pandemic, with increased data sharing between organizations being necessary to advance research on Covid-19, how the disease is transmitted, and the correlations between severe symptoms and the genome, as well as other demographic patterns, and the effectiveness of vaccines and treatments,” he said.

One particularly complicated aspect of this issue is facilitating the international transfer of data. The European Union had already signed an agreement with the United States to regulate transatlantic data transfers.

The “Privacy Shield” was revoked in 2020 after a successful legal battle, where the Court of Justice of the European Union published a verdict determining that the treaty between the two countries was suspended due to claims of data breaches by the US and regulatory agencies.

The Schreams II case, as it became known after activist and lawyer Max Schrems won the dispute over his claims against Facebook in 2013.

Shainski predicts that more countries and US states will adopt their own privacy regulations, leading to a more dynamic data protection landscape. However, she stressed that this could lead to an even greater challenge for companies that handle the international flow of data in their operations, especially multinational organizations.

“Another example of this conflict between the public and private sectors is in the financial services industry, where institutions face rigorous pressure regarding data regulation. Such restrictions make it difficult for these companies to act effectively against money laundering or fraud,” she said.

Disagreements

Ralph Nickl, founder of Canopy Data Breach, a responsive data breach software company, pointed out another problem: “Organizations face significant challenges in determining whether a breach has occurred. This is due to the stipulations for what classifies as a breach versus an incident based on law, location, and industry.”

“For example, in Florida, a breach is only considered to have occurred when 500 people are affected; Washington is the only state where personal identities are protected against breach by law; while in Washington DC, basic personal information is also considered and must be reported if compromised,” he continued.

Nickl added that data privacy regulations continue to emerge, with each country differing on its requirements, and complying with highly divided regulations will be a huge challenge for the teams responsible for acting on this type of violation.

According to him, organizations should adopt solutions that not only identify compromised sensitive information, but can also easily translate that data into a coherent list of affected individuals, reporting them based on data protection laws that are relevant to each party.

Blockchain

Shainski adds that "it would be very helpful for businesses if executives focused on taking responsibility for overseeing and implementing privacy policies." According to her, through a privacy specialist, companies can determine the number of instances in which data should be protected, as well as gain commercial value from enhanced customer data protection.

Torsten Staab, an engineering specialist at Raytheon Intelligence & Space and CEO of Raytheon Blackbird Technologies Inc., suggests that companies should invest in technologies such as blockchain, a type of database that contains information stored and distributed in blocks in chronological order.

"From a technological standpoint, blockchain serves as a type of secure ledger, and it works very well for implementing advanced forms of data access and preservation," he said.