In the middle of a market suffering lower-than-expected earnings reports, two tech companies stand out for their approaches to privacy. Google, which recently shuttered its social media service Google Plus following a major data breach, is now under scrutiny from lawmakers over its actions. Meanwhile, Apple CEO Tim Cook called for comprehensive privacy regulations in the U.S. to battle what he termed “the data industrial complex.”
In October, the Wall Street Journal reported that Google Plus suffered, and failed to disclose, a massive data breach affecting as many as 500,000 accounts. The glitch gave third-party developers potential access to users’ private data between 2015 and March 2018. However, Google chose not to disclose the issue at the time, fearing legal scrutiny and reputational damage. Even worse, a memo from Google’s legal staff advised senior executives not to report the security vulnerability.
Now, Democratic and Republican senators alike are calling for Google to answer “serious questions” about whether the company violated a 2011 Federal Trade Commission consent decree. Google paid $22.5 million to settle charges of violating the decree in 2012. Its recent actions are likely to draw similar fines and increased scrutiny from lawmakers in Congress, who issued bipartisan calls for greater transparency and trust. In a letter to Google CEO Sundar Pichai on October 11, Republican senators John Thune (South Dakota), Roger Wicker (Mississippi), and Jerry Moran (Kansas) said: “Google must be more forthcoming with the public and lawmakers if the company is to maintain or regain the trust of the users of its services.”
Tim Cook also blasted big data companies this week in an impassioned speech delivered at the annual International Conference of Data Protection and Privacy Commissioners in Brussels. He cautioned against the “data industrial complex” using “our own information … with military efficiency.”
“Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies,” added Cook. “Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated, or crazy.”
Although he did not mention any organization by name, it was clear Cook was looking to differentiate Apple from other tech titans that rely on data for advertising revenue. He also called for a “comprehensive federal privacy law” with four essential rights: the right to have personal data minimized, the right to knowledge, the right to access, and the right to security. “Technology is capable of doing great things. But it doesn’t want to do great things. It doesn’t want anything. That part takes all of us,” he said.
All 50 U.S. states now have data breach notification laws in place. U.S. organizations also face a number of sector-specific regulations and requirements, such as the NYDFS Cybersecurity Requirements, PCI DSS (Payment Card Industry Data Security Standard), and HIPAA (Health Insurance Portability and Accountability Act), as well as international laws such as the EU’s GDPR (General Data Protection Regulation).
IT Governance USA, the global leader in ISO, offers a range of services to help your organization manage its data privacy and cybersecurity risk.
IT Governance offers policy templates and toolkits, training courses and certification, and on-site consultancy and audits, and has more than 20 years in the information security industry as an internationally recognized leader in risk management standards.