Data Security, Attacks, and Costly Mistakes: October 2022’s Key Stories

Large-scale approaches to maintaining cloud data security are still relatively nascent for modern organizations. As the information itself continues to evolve and scale, so too do the platforms, tools, and practices we use to keep everything secure. But what happens when these tools aren’t able to keep up with the data they’re meant to protect?

This is where software as a service (SaaS) comes into play. Enabling increased flexibility, lower costs, seamless integrations, and greater efficiency, SaaS is built to scale. SaaS-based data security platforms are poised to provide organizations with secure data use now and well into the future.

The monthly Immuta Unlocked™ Newsletter offers up-to-date insights and industry information to help keep you up-to-speed on data security trends. Our most recent newsletter spotlights the powerful advantages of SaaS data security for enterprises, sharing insights from data-driven experts on powerful modern SaaS solutions.

By examining recent developments in data security–and what happens when it is not prioritized–the benefits of adaptable security at scale become clear. Here is a roundup of October’s top data security headlines:

A Data Sharing Executive Order Signed into Law

Article: Biden signs executive order with new framework to protect data transfers between the U.S. and EU (CNBC)

As with oil, food, and any other essential resource, the international sharing and use of personal data is governed by a range of compliance laws and regulations. Created with the intention of enabling effective data usage while maintaining security, these measures are constantly being developed and adjusted to keep up with the shifting data landscape.

On October 7, President Biden signed a new executive order into law that provides an enhanced data sharing framework between the United States and the European Union. This order, referred to as “Privacy Shield 2.0,” proposes a reworked approach to sharing data between the U.S. and E.U., as the longstanding “Safe Harbor” model was struck down in 2015 for being too lenient on the U.S. intelligence community’s surveillance practices. While not perfect, this new framework creates a new independent “Data Protection Review Court” meant to address privacy claims and put checks on national security objectives. Ideally, this should help avoid infringing on the privacy rights of those involved without impeding secure data sharing.

Large Breaches Drive Enhanced Data Protection Laws

Article: Australia flags tough new data protection laws this year (Associated Press)

With the Australian Parliament back in session, lawmakers are exploring how best to address the fallout of recent large-scale cyber attacks in their country. On September 22, Australia’s second largest wireless telecommunications carrier, Optus, fell victim to a cyberattack that compromised the personal data of roughly 9.8 million customers. This data included incredibly sensitive personally identifiable information (PII) such as drivers license numbers, passport information, and healthcare information.

The Australian government blames this breach on the ineffective and lax cybersecurity practices of both Optus and its parent company, Singapore Telecommunications. Because of its lack of emphasis on robust data security, Optus is facing fines of up to hundreds of millions of dollars. “For too long we have had companies solely looking at data as an asset that they can use commercially,” emphasized Australia’s Attorney-General Mark Dreyfus. It is because of preventable breaches like these that Australia’s government is looking to bolster its Privacy Act and ensure more effective data security nationwide.

Hackers Expose Government Data Security Vulnerabilities

Article: Hack puts Latin American security agencies on edge (Associated Press)

Government agencies throughout Latin America are being forced to reevaluate their data security practices this month following a large-scale data breach. In late September, a group of hackers calling themselves Guacamaya were able to access 10 terabytes of data from a variety of state bureaus, including the police and military departments of Peru, El Salvador, and Colombia. The largest trove of data was stolen from Mexico’s Defense Department, leaking emails that included information ranging from police and military surveillance of protest groups to information about Mexican President Andrés Manuel López Obrador’s health.

While some, like López Obrador, have downplayed the severity of this attack and the sensitivity of the information involved, the lessons of the incident remain. If a social justice group like Guacamaya can gain access to your sensitive information and communications, your data security solutions and practices may need to be reconsidered.

TikTok Fined for Negligent Use of Personal Data

Article: TikTok Warned Of Possible $29 Million Fine For Processing Children’s Data (Forbes)

In September, we noted the substantial penalties that social media giants are facing for failing to uphold data security and privacy standards. Both Twitter and Meta have been subject to multi-million dollar fines for missteps like regulatory noncompliance and data privacy malpractice. Now TikTok, the current fastest growing social media platform, is finding itself subject to equally serious penalties–facing a fine of up to £25 million (roughly $29,017,625 USD).

Following an investigation by the UK’s Information Commissioner’s Office (ICO), TikTok has been accused of violating GDPR requirements by processing the personal data of users under age 13 without parental permission. Beyond this, there is evidence that the app may have also illegally processed the sensitive personal information of many users. This includes user race, ethnicity, sexual orientation, and other sensitive data that was not ascertained with clear legal consent. Without clearly defined and compliant data use practices, companies like TikTok risk both serious penalization and the violation of their users’ right to privacy.

Keeping Up with Key Stories

Spotlighting significant risks to personal security and privacy, October’s Key Stories reemphasize the importance of implementing robust data security frameworks to proactively protect against breach at scale.

To access these stories early and stay up-to-date on the latest in data security and beyond, make sure to subscribe to the Immuta Unlocked™ Newsletter today. Each month, we include a range of these Key Stories in the newsletter to provide our subscribers with access to the latest news in data.

We’ll see you next month!

Join 35,000+ Data Professionals who Receive Immuta Unlocked

Subscribe Today

Related stories