How safe is our data?

In 2017, The Economist famously highlighted an oft-cited metaphor of Data as the New Oil to describe the growing centrality of data to the global economy (others assert it is not).  More recently, The Economist have re-evaluated and asked whether data is more like oil or sunlight. Whatever the appropriate metaphor, there is little doubt of its ubiquity and importance whether to the world’s leading companies or to governments busy trying to develop their own national data strategies.  It is unclear just how the shifting approaches towards data and data privacy will affect us all as individuals, but there is little doubt of its effects on all of our lives (we return to scenarios in Week 7!).

One of the biggest challenges any organisation faces is maintaining the integrity of its data.  Just this week a large Swedish insurer accidentally shared the data of 1 million of its customers.  Every year, there will be several prominent examples of datasets containing information on hundreds of thousands (or more!) individuals being lost or stolen ranging from the hacking of hundreds of millions (or billions!) or Yahoo users in 2013 to 500 million Sina Weibo data records in March 2020.

How should governments address these and related concerns over data?  We will return to the issue in TP6, but perhaps the prominent example of data governance is the European Union’s General Data Protection Regulation (GDPR).  Many other countries, most notably China and Russia (but also Brazil, South Africa, the Gulf countries, etc) have been developing new cybersecurity strategies, frameworks and legislation although there remain heated debates over the effectiveness, the ends and the motivation of such initiatives.  For some national legislation, the focus is overwhelmingly on fighting cybercrime (defined how!?) whereas in other cases, there is a strong national security element that can also serve the purposes of governing or restricting speech.

Being November 2020, one dimension that has been raised repeatedly is election cybersecurity.  Given hyperbolic concerns raised over the 2016 US presidential election, it is hardly surprising that significant effort has been put into ensuring the integrity of elections.  Looking forward, one idea that has had growing appeal is the idea of electronic voting, which has been used in a range of contexts. Some claim it is the ‘future of voting‘ whereas others describe it as a ‘disaster for democracy‘.  (Thanks to Marek for these links and the original suggestion)

One argument is that we should not be too worried since companies with weaker data security will suffer in terms of damage to their brand, lost customers and so firms will increasingly pay more attention to protecting the security of your data since greater cybersecurity is simply good business and so this is simply a matter for law enforcement.  Others fear that the scale of the datasets and the sensitivity of the information makes this one of the important areas for government to intervene whereas others fear that government regulation will inevitably lead to greater state oversight of every aspect of our daily lives.

  1. How much do you worry about your data and the potential for data breaches?
  2. To what extent is there a need for government intervention? If so, where and how should governments intervene? Is the ‘solution’ a bigger concern than the original problem?