IT pros are all too aware that their data is vulnerable to attack and that encryption is one of the best security and data protection tools available. Businesses encrypt data for a number of reasons: to protect corporate secrets, to safeguard customers’ personal information, to comply with regulations, and to maintain customer trust and goodwill.

Encryption is listed within Article 32 of the GDPR as an appropriate technical and organizational measure to ensure data security, depending on the nature and risks of your processing activities. The Information Commissioner’s Office (ICO) advises its use when storing or transmitting personal data, and certain sector-specific regulations go further and actually require encryption. For example, the banking industry’s Payment Card Industry Data Security Standard (PCI DSS) requires businesses accepting card payments to use certain TLS (Transport Layer Security) cryptographic handshake protocols for data in transit.

While the cost of losing business secrets is harder to quantify - and may be immeasurably large, even fatal to a business - financial penalties for customer data breaches can be estimated. Although the GDPR contains no explicit fine associated with not implementing encryption, encryption may protect organizations from fines related to data breaches. In one of the largest fines handed out to date, Marriott International Hotels was ordered to pay 110.3M Euros to the ICO in the UK after a hack of its systems exposed sensitive personal information, including credit card details, passport numbers and dates of birth, belonging to over 300 million clients, of which 30 million were EU residents.