In his address to Senetas shareholders at this year’s AGM, Senetas Chairman, Francis Galbally, looked forward to exciting times for the company as it broadens its high-speed data encryption product portfolio to include virtualised encryption and secure, Cloud-based collaboration with data sovereignty control.
The expansion of Senetas’ product portfolio comes at a time when the face of data protection within all organisations is changing. The emergence of new data protection regulations around the world places a new emphasis on doing what is right for a wide range of stakeholders.
2018 will see some major legislative changes. Australia’s data breach notification laws come into effect in February and the new EU General Data Protection Regulation follows shortly afterwards, in May 2018.
A lot has been written about the GDPR already, so we won’t go into detail about what it is and how it will affect your business, except to say every business should be familiar with its provisions. Security experts consider the GDPR to be the gold standard for regulating data protection. If you want more information, you should visit the GDPR website.
Mr Galbally emphasised two points; that the responsibility for data protection no longer sits solely within the IT department and that directors’ and executives’ responsibilities are not only governed by data privacy regulations.
New privacy regulations make it clear that the onus is on senior executives and board members to ensure that data is secure. However, there are a broader set of regulations governing the ethical and operational behaviour of organisations and their executives. These also place an emphasis on individual behaviour and introduce new liabilities and penalties.
If the past five years have taught us anything, it is that the high-speed data networks we have come to rely upon are not secure. The Gemalto Breach Level Index reveals that over 9 billion data records have been lost or stolen since the beginning of 2013 and that only 4% of these breaches were “secure” – i.e. where the data was encrypted.
In his address, Mr Galbally recognises the impact this lack of due diligence will have under the new regulations, “board members will be accountable if data is lost, or stolen, and was not encrypted. The question ‘why was it not encrypted’ will be asked more and more”, he said.
Mr Galbally went on to state that failure to encrypt data goes beyond a lack of diligence, to negligence; “Not to ensure that data is encrypted is, in my view, negligence and a breach of a director’s duty to the company and the shareholders”.
Failure to act diligently, as Mr Galbally commented, not only risks breaches of privacy, but has the potential to do catastrophic harm to an organisation’s value; through a loss of intellectual property, trust or brand equity. The stakeholders affected then include shareholders, employees and even suppliers, who we can expect to pursue directors and executives for their negligence.
With stricter legislation just around the corner, it is only a matter of time before a court reaches the same conclusion. Mr Galbally’s message is clear. To all directors and executives of companies that hold sensitive, private or valuable information; make sure your data is protected with high-assurance encryption products or risk the wrath of your stakeholders, and the law.
For more on the portfolio of encryption solutions available from Senetas, visit the product pages on our site.