The Safe Harbor ruling certainly threw a wrench into the typical enterprise's data security strategy, as it essentially dissolved a long-standing agreement between the U.S. and EU regarding data transfers and privacy. However, good news quickly followed as the EU announced a new data-sharing deal with the U.S. that is currently in the works and expected to be finalized in only a few months. In the meantime, American organizations should double down on data security with encryption and implement new data protection strategies.
According to The Hill, German privacy regulators will start investigating EU-to-U.S. data transfers, and first up on their list are Facebook and Google, as those two tech companies have headquarters in Germany. Following those data security audits, German officials will move on to other organizations in their campaign for tighter data privacy standards. The goal, the source reported, is for Germany to discover the validity of other data security policies and regulations, besides Safe Harbor, specifically investigating how well Binding Corporate Rules protect data from being accessed without authorization.
Enterprises with third-party partners, clients or customers in the EU should be worried about Germany's investigation for a few reasons.
The liability of a breach
For starters, American organizations can look at what recently happened to U.K. broadband provider TalkTalk. The Guardian contributor Rik Ferguson reported that the company was hacked in a targeted attack, and the cybercriminals responsible for launching the offensive stole a large amount of consumer data, including names, addresses, credit card details, banking data, TalkTalk account information, email addresses and phone numbers. Furthermore, the author noted that "not all of the data was encrypted," and at this point, it is uncertain whether any information was obfuscated with cryptographic methods at all.
Ferguson explained that TalkTalk could be held responsible for the data breach if the company didn't take actions or implement systems that defend against cyberattacks. This depends on what information was encrypted, but it still stands to reason that TalkTalk could be liable for the loss of consumer data and a violation of personal privacy in the event that hackers infiltrated its network through a known vulnerability.
A chance to lose business
German officials plan to weed out organizations that fail to adequately protect consumer data, and while it would certainly be better to identify cybersecurity flaws during an audit than after a data breach, American enterprises could have their businesses grind to a halt. If German privacy regulators discover any poor security practices at a U.S.-based firm, it is likely that all of the EU will put a stop to all overseas data transfers that are affiliated with that company.
Not only would organizations be held liable and possibly sued, but they would also be unable to interact with a massive EU market.
American enterprises need to ensure that their data is encrypted or obfuscated at all times: in transit, at rest and in applications. This is the only way to prevent prosecution in the event of a data breach, and in many cases, encrypting sensitive information can limit the amount of data that hackers have access to.
CloudMask is a data-centric cybersecurity solution that ensures data is secure in all its forms, thanks to its certified cryptographic engine and its ability to keep users in control of their own encryption keys.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, not cloud providers, not government agencies, and not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask