A breach of (public) trust?

A breach of (public) trust?

Two massive political fallouts—one European, one Asian—show that the tolerance for data mishandling is zero. And when GDPR arrives, the repercussions will be financial as well.

This week, the Swedish government barely managed to survive one its most serious challenges. A vote of no confidence was mounted against three ministers by the opposition that—in normal situations—would’ve triggered snap elections and the government stepping down. But instead the Social Democratic government punted and did a cabinet reshuffle with two ministers exiting their jobs and the defence minister in peril. What was the trigger? Data sloppiness. The Swedish Transport Agency had given a contract to IBM to handle its data needs into the cloud, including all its citizens’ personal details as well witness protection programme individuals, undercover operatives military vehicles, transport infrastructure data and other highly classified material. While movement to the cloud is a normal, modern process that many large organisations are staging, IBM, however, exposed that data to outsource developers in Czech and Serbia, ones without security clearances nor robust security measures. The transport minister at the time, Maria Ågren, didn’t help matters by sidestepping laws meant to give oversight and security protection (she has since paid a fine).

Lastly, Like many scandals, the cover up was as bad as the mistake.  It happened in 2015 yet it only came to light now with the Prime Minister, Stefan Löfven, only coming to know of it in early January.

Meanwhile, in Pakistan, another data breach took its toll, this time the Prime Minister of Pakistan, Nawaz Sharif, was forced to resign because of the incriminating information the Panama Papers—the 11.5 million documents from law firm Mosseka Fonseca—revealed. Many a high level citizen has been leveled by the data that was leaked online (the Prime Minister of Iceland resigned in indignity) and now Pakistan’s head of state can be said to be a victim.

What both examples have in common is data security and compliance where poor cybersecurity and authentication regimes can be exploited. They also both share the human firewall as the weakest chain. But that’s exactly where the coming GDPR stringency and demand for data security professionals will have a massive impact. Come next year, as the fines start hitting the news and creating the change in behaviour the law intends, such data breaches will be far less. But rest assured, that will only come with large investment in cyber infrastructure and the psychological shift to make it a success.