By: Madeline Drafall
DOI: 10.57912/27292638
Data leaks have become an unfortunate reality of modern society. Many major companies have suffered from massive cyberattacks, data leaks, and security breaches, compromising the private information of millions of people. As recently as August, another massive data leak occurred where National Public Data had 2.9 billion records stolen from them. Among these leaked records were names, addresses, Social Security numbers, and relatives dating back decades. In an age of constant security breaches, how can our rights and data be adequately protected?
A majority of the public is aware of the risks data leaks pose and the constant data collection that occurs. According to the Pew Research Center, six in ten Americans believe it is not possible to go through day-to-day life without having data collected. Companies collect our data to learn more about its customers, create targeted marketing campaigns, improve decision-making, and conduct long-term analysis. This data is then stored–often in the cloud–and protected so it can be used when needed while also keeping sensitive information secure. The data we trust companies with is supposed to be under their protection.
What is Data Protection
Firstly, it's essential to understand what data protection entails. Data protection is the process of safeguarding data from corruption, compromise, or loss as well as providing the capability to restore the data to a functional state should something happen to it. There are three categories of data protection: privacy rights, data security, and traditional data protection which consists of storing and archiving data.
Data Protection focuses on securing any information that can identify an individual, including names, birthdays, photos, emails, phone numbers, and more. This protection is closely tied to the right to privacy, a fundamental right essential for exercising other human rights. Under U.S. constitutional law, the right to privacy falls under the 4th amendment, which provides a basis for the right to data protection. Under international law, the UN Human Rights Council Resolution 42/15reaffirms the human right to privacy in the digital age.
Data Leak Causes
So, if data protection is acknowledged as a human right and a United States Constitutional right, why are data leaks so common? There are three primary reasons behind leaks: cloud misconfiguration, ransomware attacks, and exploitation of vendor systems.
Cloud storage commonly used by corporations like Apple and Microsoft, is often a target for hackers. Cloud misconfiguration is when companies unintentionally misuse the cloud, exposing sensitive data by allowing excessive access, having unrestricted ports, or using unsecured backups. Cloud servers also store an enormous amount of data, making them a gold mine for hackers. For example, if Amazon is hacked, the hacker not only has the Amazon account information but also the information of the companies that use or are associated with Amazon.
Ransomware is when a hacker “locks up” data by encoding it and requires a “key” for the data to be released, a key that the hacker can give if the ransom is paid. While technically the data has not left the computer in this case, hackers are able to copy your data and may keep and sell it even after the ransom is paid.
Vendor systems pose another risk for data protection. Many companies rely on vendor systems for software updates, technical maintenance, and other services. Unfortunately, attackers can exploit these systems to gain direct access to sensitive data.
What can be done?
The most straightforward answer to countering data breaches and cyber-attacks is to improve security, which even a simple Google search could suggest. In fact, you may get the names of several companies that could help mitigate this issue. However, another crucial step is implementing comprehensive data security policies, procedures, and technologies that comply with privacy laws like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). These measures would ensure stronger protections for sensitive data.
There is also the importance of public awareness and company accountability. Many people do not fully understand data protection and privacy issues and instead accept these risks as part of life in the digital age. Raising awareness of data protection rights is essential for motivating change. The more people who understand that data protection is a fundamental human and civil right, the more that can be done to safeguard it. For example, Facebook (Meta) is notorious for disregarding data protection and privacy which has caused legal trouble for the company both in the United States and abroad. Establishing more safeguards and holding major companies accountable is crucial for maintaining data protection rights. We trust these companies to keep our information safe and secure, and it is our legal right to have our data kept safe. Data protection is a human and civil right, and this growing issue must be addressed as technology becomes more advanced.
Comments