Page 22 - Security Today, July/August 2018

Protecting Your Data
Facebook announced it will comply with the GDPR and so should you
By Christian Morin
Even if you don’t have a Facebook account, you have undoubtedly heard the reports about how Cambridge Analytica accessed the personally identifiable information (PII) of up to 87 million users over a period of several years. Starting in 2014, the British political consulting firm began collecting data from the social media platform’s users, the vast majority of whom reside in the United States, with the alleged goal of using that data to influence voter opinions.
Essentially, Cambridge Analytica gathered and sold PII to help a variety of politicians influence the public in both the United States and the United Kingdom. While the ultimate scope of the influence has not yet been determined, what is clear is that people everywhere feel violated by the access. Given the nature of social networking applications, it is not surprising that Facebook has faced a lot of harsh criticism and has had to implement new strategies for dealing with personal data.
One strategy that the company has been open about is its decision to implement the European Union’s General Data Protection Regulation (GDPR) in all areas of its operations and, significantly, not just in the EU itself. In fact, during his testimony before Congress in April of this year, Facebook’s founder and CEO Mark Zuckerberg said he believed GDPR was a positive step for the internet.
“A lot of the things in there are things we have already done for a long time; some are other things that I think would be good steps for us to take,” Zuckerberg said. “I think it makes sense to do more and it’s something GDPR will require us to do and it will be positive.”
Given the gravity of the Facebook/Cambridge Analytica scandal, the swift response to it, and Zuckerberg’s support for the GDPR in its aftermath, you would think that North American companies would be eager to follow suit. However, and despite the fact that the GDPR will be applicable to organizations worldwide, many have not yet made the move.
North Americans Aren’t Ready for the GDPR
A surprising number of North American companies are either uncertain about or unprepared for the GDPR. CompTIA, a leading technology association, surveyed 400 U.S. companies in April of this year, and the results were telling.
According to CompTIA’s survey, 52 percent of the 400 companies they looked at are either still exploring how the GDPR applies to their businesses, have decided that it does not relate to their businesses, or are unsure. In fact, they found that only 13 percent of the companies say they are fully compliant while 23 percent feel they are mostly compliant and 12 percent feel they are somewhat compliant. Given that the regulation took effect on May 25, a little more than a month after this survey, these numbers are concerning.
Does the GDPR Apply to North American Companies?
So why are North American companies lagging behind on their compliance? In large part, it is because they feel the GDPR does not apply to them. This is understandable since the regulation was developed to protect individual privacy as it relates to the data being collected from citizens of the European Union.
The regulation stipulates that European citizens own the PII be-