I was just asked this by a friend, so I thought I’d write the answer.
Well first off I’m a practical person, so I always assume more has been exposed than is initially reported, just because I know it takes time to investigate with confidence. Many of these breaches have big windows where the vulnerability had a long timeline before realisation.
But importantly it’s the secondary use for harm that individuals need to be aware of. If you have recently interacted with a brand you are far more likely to open attachments or follow links in emails. I can see it now, ‘Thank you for registering with us, you have been specially selected to be a trial tester for our latest cosmetic range, just pay the postage of $2 and we’ll send you the testing rage worth $100’ Of course, it’s not $2 but probably $100 taken from your credit card (always just below amounts that would trigger banking transaction AI suspicion) and individuals spend weeks trying to reclaim the money. The organisation also in the mind of the individual is lessened or even blamed, consciously or sub-consciously.
This leads on to why organisations need to care about how individuals data is used, what care is taken of it and who it’s shared with. There are many reports being published currently explaining the positive return on investment implementing good data protection and privacy practices has. They range in focus but the general message is this: If you respect your customers and their rights, this leads on to implementing good data practices, knowing where you hold information, being able to audit how you received it, on what basis you are holding it and how long you can keep it. Knowing how you can use it and very importantly with whom you share it.
Having siloed pots of…
Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector
As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…