Concentration Risk is the new Vendor Lock-In
While the EU implemented GDPR over a year ago, many organisations are still failing to comply with the new legislation. As a result, it is worth questioning whether we can truly trust companies with our personal data.
Is our personal data at risk?
Earlier this month, University of Oxford-based researcher James Pavur conducted a study to test GDPR's potential for exploitation. Pavur approached dozens of UK and US firms in order to determine how they would handle a "right of access" request made in someone else's name.
The security expert discovered that large companies tended to comply, while smaller firms ignored him altogether. However, he also found that mid-size businesses often mishandled his requests for data.
When Pavur requested data an educational company held on his fiancee, they revealed her high school grades, mother's maiden name, and the results of a criminal background check survey. Moreover, two UK rail companies provided records of all the journeys she had taken with them over several years.
Overall, Pavur said the organisations disclosed 60 distinct pieces of personal information about his partner. While this test is merely anecdotal, it raises important questions regarding the vulnerability of our personal data.
Are organisations doing enough?
Google, Intel, Microsoft and seven other companies have now created a Confidential Computing Consortium (CCC). In effect, the community aims to define and accelerate the adoption of confidential computing.
While participants plan to make several open source project contributions, the initiative is incredibly ambitious. Just last year, Google shut down its social network platform Google+ after a bug in its software exposed the private data of up to 500,000 users.
In April, Microsoft disclosed that a hacker had compromised the account of a Microsoft support agent. As a result, the company admitted that it is possible that the hacker accessed and viewed the content of some Outlook users' accounts.
Following these incidents, it is doubtful whether this new consortium will succeed at thoroughly securing our personal data. With big tech companies possessing more control over our sensitive information than ever, it is now vital that we hold these organisations to account.