Securely sharing personal data in an information connected age


In his 2015 address to the Black Hat conference, Facebook’s Alex Stamos suggested that humanity is only 2-3% into the era known as the Information Age. If he is correct, and many people think he is, then it is difficult to envisage any facet of our lives that will not be completely transformed by information.

The opportunities for improvements in our quality of life, and the sustainability and growth of our economies are truly exhilarating. Technology is profoundly altering the fields of research, energy, education, Government, healthcare, law enforcement, retail, manufacturing, travel, logistics and finance. The way that we currently live will seem as alien to our grandchildren as the lives of people living two or three centuries ago now appear alien to us.

The fuel that feeds the engine of transformation is, of course, data. Much of it is personal data. The nature of personal data itself has been transformed. Whereas in the past it was mainly a static dataset concerning full names, birth dates and national insurance numbers, now it is highly dynamic, and is increasingly ubiquitous, painting a much richer picture of the human being it describes.

Personal data now includes details of our web browsing histories, locations, movements, purchases, conversations, medical ailments, physical exercise, dietary preferences and leisure activities. This information is accessible from anywhere on any device that is connected to the Internet. Increasingly our personal data is much more sensitive, involving our very identities and even our genetic make-up.

But there’s a problem. Whilst ours is an age of information it is also an age of profound cyber insecurity. We are creating a hyper-connected economy in which we are, quite literally, connecting everything to everything and the platform by which we are doing so, the Internet, is unassured.

Barely a week goes by without news headlines being dominated by the latest data breach. In the week of writing this post, TalkTalk, Marks and Spencer and British Gas have all admitted data breaches, with varying degrees of damage to their businesses, either as a result of accident or attack.

Some analysts cite this combination of personal data growth and cyber insecurity as pointing towards the end of privacy. As though we are all due to live our lives in complete transparency, with few secrets if any, perhaps not even our own DNA.

Few people, if any, are entirely comfortable with this concept. Whilst most of us are prepared to trade personal information about location in return for rewards from Starbucks, not all of us enjoy the prospect of our life insurer having access to our genetic constitution.

It’s increasingly apparent that not all personal data is the same. Wherever we choose to set our personal privacy scroll bar (if only there was such a thing) there will always be some data that we choose not to share. The need to share information securely will endure. The confidentiality of data will remain important, as will a requirement for integrity and availability.

The challenge for policy makers is that when it comes to data protection there are relatively few levers available other than legislation. Getting it wrong – as we saw with the demise of Safe Harbour – can be costly and causes confusion. Over-regulation – as many fear the proposed EU Directives on Data Protection will create – also threatens to stifle innovation and apply the brakes to growth.

The responsibility for secure data sharing will therefore remain with individual businesses and consumers. Our levels of corporate resilience and personal privacy will depend upon our willingness to understand the choices on offer to us. As businesses that means identifying cyber security as a competitive differentiator and investing in it. As consumers it will require a better understanding of the privacy choices that we make every day of our lives, either consciously or unwittingly, or acquiescing and being given those levels of privacy afforded by the default settings of those technologies we consume.

Whatever the future holds for the secure sharing of personal data, we will all have to become more comfortable with the trade-offs between privacy and security versus the benefits of sharing and transparency. If we are to achieve this balance, a better legal understanding of what constitutes personal data and what is little more than human telemetry would be a good place to start.

David Carroll, Managing Director, XQ Digital Resilience
For details on how MDS Technologies can help keep your data secure, please email sales@mds.gb.net or call on 01225816280.