A tale of two security breaches
This has not much to do with politics, but the staggering amount of blockbuster news lately is bewildering.
The light at the end of the SingHealth Committee of Inquiry draws near and the big picture is being drawn out. The Cyber Security Agency, probably the leading government agency involved in this debacle, said that “Cyber security should be viewed not as a technical issue, but a management issue that is handled at senior leadership levels.”
Based on my impression of the proceedings so far, I do agree with that assessment. The SOPPs are there, the people working on it are there, and they seemed to have almost caught it. There just seems to be something missing? Not enough people caring about what the implications are.
Over at the other side of the world, Facebook also faces its own problems, though they are handled in a far more ‘professional’ manner than SingHealth. Lobbying? Managing the fallout? Using “fake” news against its enemies? Maybe they did it too well, and it caps a terrible year for Facebook.
In both situations, data breaches cause people to lose trust and confidence in those they entrust with their personal data.
However, it is also clear that management’s approach towards data security and protection, whether bumbling or with finesse, does not necessarily mean that their interests are aligned with those of users.
As 2018 draws to a close, and as data breaches become more commonplace, it is difficult for the industry to put the monster back into the box and claim that self-regulation is sufficient.
But if 2018 was the year that companies losing data was in focus, then shouldn’t 2019 be the year where we consider the response? Given that the SingHealth debacle is not quite over yet, we are surely going to hear more in 2019.