Data privacy and security talks have been escalating in the last year due to the high influx of ransomware attacks, data leaks and new demands put out by government bodies. Last year set a new record for ransomware payments due to the huge amount of attacks that compromised sensitive information across Europe, North America and Asia. Some of these attacks eventually put the public's life at risk while also causing massive setbacks for corporations globally.
Governments, corporations and analysts alike are recognising that the insurgence of adversarial activity and challenges calls for new solutions. In this week's Emerge5, we are listing our five key predictions for data privacy and security trends in 2022.
An Influx of Regulations
President Biden's administration kicked off the year with a four point plan that will be used to increase national cybersecurity and protect public and corporate information. As listed on the White House official website, the four points are:
- Disrupt Ransomware Infrastructure and Actors: The Administration is bringing the full weight of U.S. government capabilities to disrupt ransomware actors, facilitators, networks and financial infrastructure;
- Bolster Resilience to Withstand Ransomware Attacks: The Administration has called on the private sector to step up its investment and focus on cyber defenses to meet the threat. The Administration has also outlined the expected cybersecurity thresholds for critical infrastructure and introduced cybersecurity requirements for transportation critical infrastructure;
- Address the Abuse of Virtual Currency to Launder Ransom Payments: Virtual currency is subject to the same Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) controls that are applied to fiat currency, and those controls and laws must be enforced. The Administration is leveraging existing capabilities, and acquiring innovative capabilities, to trace and interdict ransomware proceeds; and
- Leverage International Cooperation to Disrupt the Ransomware Ecosystem and Address Safe Harbors for Ransomware Criminals: Responsible states do not permit criminals to operate with impunity from within their borders. We are working with international partners to disrupt ransomware networks and improve partner capacity for detecting and responding to such activity within their own borders, including imposing consequences and holding accountable those states that allow criminals to operate from within their jurisdictions.
It's likely that other government bodies will follow suit. Belgium’s Data Protection Authority recently declared that the Interactive Advertising Bureau of Europe’s framework for how publishers get consent for collecting and use personal data isn't compliant with existing EU privacy regulations.
Startups Battle Data Giants
As predicted by the controversial analyst Andrew Keen, privacy regulations are unable to stop the wealthier and more powerful companies from breaking them, meaning that only the smallest fish get caught. While this is certainly the case in North America, recent speculation around Google Analytics and their ability to anonymise data led to the Austrian Data Protection Authority declaring the platform to be in violation of GDPR, with France's DPA following suit.
The result is that European startups have emerged to take the place of Google Analytics, ensuring that they are fully GDPR compliant. Most notably, Estonian data company Plausible Analytics tripled their subscriptions in one week, proving themselves to be the trusted underdogs in this battle for ethical data management.
More Election Rigging
Much of the general public still remain relatively unaware of the far-reaching consequences of the Cambridge Analytica scandal. As reporter Zac Crellin points out, it was not just Brexit and the Trump administration that were impacted by this scandal; Trinidad and Tobago, for instance, encouraged "swathes of young people not to vote in order to hand the election to its client." One country that was not impacted by this scandal, however, was Australia.
Splinter groups formed by Cambridge-Analytica former members have been formed with the interest of backing new political campaigns and countries that have not previously been exposed to such scandals still remain at high risk. Researchers recently called upon the Department of Defence to devise a plan to combat potential misconduct.
Repetitive Data Tasks to Be Completed by Low-Cost Workers
Machine learning has come a long way in the last few years and has been used as a tool for data entry by many organisations. While using machine learning can be useful for noticing patterns and trends, labelling and categorising this data goes beyond many AI's capabilities. This work is often labelled 'micro-work' due to how little time it takes to do, however when vast quantities of these demands get sent to workers, it can often get overwhelming.
Companies such as Clickworker, Appen and the crowd-sourcing platform Amazon Mechanical Turk are notorious for hiring workers to complete these tasks but there is very little compensation. A study by Singapore Management University noted that the average wage at Mechanical Turk is less than $2 an hour while only 4% of workers earned more than the US minimum wage.
If this trend continues in 2022, it might raise questions as to how well this data is being handled as low-wage workers have been suggested to receive less training due to a perceivably low return on investment.
Mismanaging Workers' Data Will Cause Legal Battles
Hybrid working has opened up a whole range of possibilities for organisations to reduce travel expenditure, increase productivity and improve flexibility but it has not come without challenges. According to a survey by Riverbed/Aternity, 88% of executives are concerned about digital disparity between in-office and remote employees.
The result has been that many employers have utilised some level of surveillance technology to ensure productivity in the workplace. The United Tech and Allied Workers (UTAW) union have voiced their concern, stating that,
“Employers have felt the pressing desire to keep tabs on their employees. As the boundary between working and private spaces becomes blurred, the potential intrusion of employee surveillance has become more concerning."
UTAW have supported workers who feel that their data privacy is being abused by organisations, noting one incident where an employee was scrutinised for having low productivity despite going through menopause and having childcare issues. The employee took the organisation to court and won due to the fact that organisations, under the Data Protection Act 2018, have to tell employees how they will use their data.
This will become an increasingly important point to be aware of as organisations need to navigate around any new potential legal risks they might fall into in 2022.