Picture this: you head into your office on Monday morning, turn on your computer and begin to reply to emails. You see an email from your internet provider, alerting you that someone has accessed your company data from a foreign country over the weekend. None of your employees have been overseas in the last month, and you realize that the unthinkable has happened: your business has been hacked and your customer’s information has been stolen.
Safeguarding your critical assets and systems is important for every organization—especially for school districts, where student and staff data is particularly sensitive. Unfortunately, the sensitive nature of school data is one of the core reasons that districts are regularly targeted by cyber-criminals.
In our most recent article, we explored the ways on which blockchain can be utilized to prevent potential cyber-fraud and decrease the probability for breaches. As a decentralized, user-controlled electronic ledger, blockchain is constructed on a foundation of offering advanced security and trust. By employing cryptography, blockchain transactions and trading are recorded publicly, linked and time-stamped to the previous block.
As technology becomes more advanced, organizations must adapt their strategies to protect and organize their most critical assets. At present, the way in which we understand how the Internet works is based on HTTP, or hypertext transfer protocol.
France’s Data Protection Authority (Commission Nationale de l’Informatique et des Libertés), also known as CNIL, recently fined Google LLC a 50 million euro fine for violating restrictions under the General Data Protection Regulation (GDPR) laws.
The fine, which amounts to roughly 56.8 million U.S. dollars, is the largest GDPR fine to be issued by a European regulatory agency since the directive came into effect. It is also the first time one of the giants in the technology realm was fined for failing to comply with GDPR decrees.
After being investigated by the CNIL for months, Google was ultimately fined for providing inadequate information, lacking transparency and lacking valid consent in regards to personalizing ads to users. The ruling is a result of complaints lodged by two advocacy groups last May, shortly after GDPR was officially put into practice.
According to CNIL, Google failed to communicate its data consent policies to users in an open and transparent, resulting in an overall lack of control for users over how their information is used by the company. These violations, which have not yet been resolved by Google, must be altered to contain an explicit process that allows users to “opt in” and share their personal data. This way, users can decide whether or not they give Google their “genuine consent” to collect their information.
While this is not the first fine related to GDPR, it is the largest—though it could’ve been even more significant. In fact, the maximum fine under GDPR law allows for a fine of up to four percent of a company’s annual global turnover. For Google, which made close to 34 billion U.S. dollars last quarter, the maximum fine could have been closer to billions of dollars if the offense was considered more serious.
In response to CNIL’s penalization, a Google representative said they are “deeply committed [to complying with] high standards of transparency and control” that its users expect.
After studying CNIL’s report, however, Google announced on Jan. 20 that the company will appeal the fine. In an article by Agence France-Presse (AFP), Google claimed they have “worked hard to create a GDPR consent process…that is as transparent and straightforward as possible,” and are therefore “concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond.”
For cyber security experts and web users alike, this violation represents the need for greater social responsibility from tech companies, especially pertaining to the protection of personal information.
Being clear and upfront about user data is an essential component of reliable business practices, and Google should focus on rectifying the issues raised by CNIL instead of deferring the fine.
At this time, CNIL does not believe Google is respecting GDPR’s regulations. Google has also been accused of “deceptive practices” in its location tracking by seven different European countries.
As the facts of the latest major data breach were revealed—this time, affecting some 500 million customers at the Marriott International-owned Starwood hotel chain—cyber security experts contemplated how the rupture could have been avoided.
The sheer volume of data leaked in the latest large-scale breach is a major cause for concern.
Are you monitoring your data and security program on an ongoing basis?
The holidays are not only the time for giving and receiving; for hackers and cyber criminals, it’s also the perfect time for taking.