EU: 5th European Data Protection Day; Protection through risk awareness
Category: NachrichtenBy: R. Olschewski - 2B Advice GmbH - the privacy benchmark
Data protection attacks can occur from outside, but come from employees far more often. The 5th European Data Protection Day aims to increase citizens’ and businesses’ awareness of the importance of effective data protection in Europe.
This is not an end in itself, but instead data protection breaches can make people open to extortion. A well-known German energy supplier found this out to its cost. The successful company, which invested large amounts of money into marketing campaigns, was blackmailed by a former intern using stolen customer data. The former employee had saved the data of 700,000 customers of the E.ON subsidiary “E Wie Einfach” on his private USB stick.
The former employee was sentenced to a jail sentence of several years by the Munich District Court in December 2010 because he, together with accomplices, had attempted to blackmail the company. In the end, the offender wanted 800,000 EUR to destroy the damaged company’s data. Ultimately, though, the blackmailer was convicted. He claims to have destroyed the USB stick with the stored data and the Public Attorney’s Office hopes that this is the case. What value the data would have fetched on the black market is ultimately not known.
It can only be estimated how often extortion with stolen data is not admitted or competitors obtain the sought-after information from criminal data traders. However, what is certain is that protecting highly sensitive customer data should take the highest priority. Therefore, stored data should be categorized and highly sensitive data should be equipped with suitable security concepts. This can include copy protection, strict access controls and the dual control principle, whereby two people are needed to authorize decisions. USB ports on company computers can be provided with appropriate limitations and the use of private USB sticks in the company can generally be prohibited. However, overall every company requires a concept tailored to the concrete threats, which as a rule can only be developed by experts together with the business management.
What is vital, however, is the necessary sensitivity in matters of data protection which the 5th European Data Protection Day is promoting.
(1050 times viewed)