The number of applications which people have accounts with online has grown exponentially in recent years. This is leading to an increased tendency to leave account passwords in wills for friends and relatives.
A study by Goldsmiths at the University of London found that 1 in 10 people are leaving such information behind. This has come from the recognition that people can have their digital identity stolen by hackers if it is left hanging online. Furthermore such accounts are often hit with large amounts of spam.
Matthew Strain, a solicitor told Sky New “With more photos, books, music and so on being stored online and in digital format, the question of what happens to these when people are gone becomes more important everyday.” Such data held in the cloud is collectively worth billions of pounds.
Viviane Reding, the EU justice commissioner stated “the burden of proof should be on controllers – those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary.”
New legislation brought in by the European commission is going to force banks to come clean when they have any form of data loss or loose any data which compromises their customer base.
This was the message delivered in a speech made by Viviane Reding, Vice-President of the European commission. Many believe this has come as a direct result of the rare admission by Citi bank last week that they had suffered a data breach. However in addition to this there has been a stream of recent attacks such as that on Sony which have called out for this new legislation.
A representative of the British Bankers Association commented, “the UK’s banks follow the highest standards of customer protection in their data management” and added that it was “unlikely that such a step would affect the current practices of the UK banks.”
“I understand that some in the banking sector are concerned that a mandatory notification requirement would be a additional administrative burden. However I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.” Ms Reding.
Approximately 360,000 Citi customers had their names, email addresses and account numbers exposed to hackers. As well as Citi promising to work closely with their internet security team in order to beef up security measures. The U.S. Federal government is also looking closely at the issue and is seriously considering implementing new measures which will improve online banking security.
Banks will always be a major target for hackers and such incidents will receive much more publicity now. The danger is that many hackers thrive from making a name for themselves and may relish the chance to make headlines. It also will be interesting to note how new legislation will affect other companies in the future, outside of the banking sphere such as web giants Google and Facebook.
A leading EU commissioner has called for member states to look into standardising legislation relating to data protection and security to facilitate the flow of information between businesses and organisations in protecting the private data of European citizens.
Viviane Reding, who champions justice, rights and citizenship at the EU, said that it would be better for all if data protection was governed by a consistent set of rules which resembled and adhered to the same standards as those set out by the EU itself.
Ms. Reding said that many businesses in the UK and throughout the EU had said, during consultations, that data protection legislation was often disparate and difficult to navigate when operating at an international level. Although the EU set out a Data Protection Directive fifteen years ago, countries are able to model their own regulations around it, resulting in disparate systems and standards.
A call for greater transparency is being made, with the rights of the individual to control and monitor the usage of their own data set to be strengthened.
Ms. Reding believes that any business or organisation that is in control of and consequently responsible for private data needs to keep the individual user informed as to their rights and the way in which their data might be used from the outset. This includes notifying users as to how they can go about requesting the removal of their details should they no longer desire third party access to them.
Ms. Reding said that member states should be more willing to exchange data both within the union and with other international organisations in order to promote a culture of trust. She also believes that simplifying the process of sharing data will mean that criminal and legal matters that cross international boundaries can be more efficiently handled.
The EU is set to become ever more open to sharing data with the US as part of an agreement that Ms. Reding is forging, although she says that this will only be possible if the level of protection afforded to the data is in line with EU regulations.