By: Anshuman Singh, Senior Director, Product Management, Barracuda Networks
A UK based political data analytics firm, Cambridge Analytica allegedly sourced the data of around 80-90 million Facebook users illegally without their knowledge and consent and used it during Donald Trump’s presidential campaign. They allegedly started collecting the data in 2014 and used it to form political campaigns and influence voter opinion. Facebook claimed that the users were duped by a researcher who originally got the data through a quiz app hosted on Facebook. However, Facebook’s then malfunctioning design allowed this app to not just collect personal information of people who agreed to take the survey, but also the personal information of all the people in those users’ Facebook social network. This caused huge uproar not only in the United States of America but globally. While many deleted their Facebook accounts, everyone else became deeply skeptical about not just Facebook but online security and data privacy in general.
Cambridge Analytica is an analytics firm and hence it was doing a lot of number crunching to understand user behavior and preferences, which is very normal, but what caught people’s attention is that it was allegedly influencing people’s behavior. People are not too careful about what they are posting on social media, what they are liking on social media and if somebody has that data, they can predict your behavioral choices, political leanings, religious leanings and other important factors. The other scary part was that if you are leaning towards their views, they will create more campaigns and content that strengthens your views and if not, they will try to influence your views.
Currently in India, there is no data protection policy or any government policy around data protection. There should be a way to enforce best practices of data collection, retention and disposal, otherwise it becomes an easy prey not just for hackers but also to unscrupulous organizations. Organizations are not bound to secure your data in any way. For example, there are lots of government services for which we can pay for online, like water bill, electricity bill etc. In that case I am providing my information, it is in this case the government service provider’s duty to keep my data secured and not use my data in any malicious way. While the government service providers may not be selling data but many private companies may be doing that, we need to be careful about the kind of information we put online. They also should be careful about it. In Europe, General Data Protection Regulation (GDPR) policies went into effect from, May 25th 2018, which has put a framework on how data should be secured, retained, utilized and disposed. Deleting old data is in important aspect of the regulation. European Union regulation has strict data regulation rules. Each individual has the right to go to an organization and ask the organization to forget his data. They are bound by law to delete the data within a stipulated time. If you are not compliant, penalties are very high. The presence of a similar law in India will bring a lot of trust back into online transactions.
It is also very important for most businesses to keep their customer’s data secure. Say, you are an online e-commerce company. You will have customer data, that’s not the problem but need to keep that data securely. The other aspect is that after data is stored, you need to make sure that your database is encrypted. There are other threats like encryption malware. Organizations will have all business data and if a ransomware hits and collects the data, it can cause grave consequences. That is where storage backups come into the picture.
The Facebook- Cambridge Analytica crisis has taught the world a huge lesson that at any point we cannot be casual about our online data and we are not yet in a fully secure state. It is rumored and there is no proof that data was used to swing the elections and if that is true it is a big thing. If it was done by a 3rd party, it is a super big thing. We also need to be aware about certain things when online, like giving permission to apps to come and access our profile, it seems fun but can cause huge damages. Another thing is distinguishing between what is real info and what is fake info. We need to be careful before believing and not believing.