Data protection and data security – why common sense alone is not enough
Data protection and data security create trust – even in a confessional box
Data protection and data security are often mentioned in the same breath, but they are not the same thing. They are, however, both essential when it comes to using the data of third parties. They are an important factor in the collaboration between companies and their customers, enabling them to work on a confidential basis. Regarding confidential personal and company-related data, there is also a great deal of uncertainty about how the data is processed. With the increasing volumes of data and rising complexity of the cases of application in digital space, it is not easy to maintain a view of the rights and obligations in relation to data usage. This is a challenge that requires a professional approach. After all, violations of data protection and data security can damage a company’s reputation and incur very high costs. This can be prevented by a clearly structured security concept. Incidentally, data protection is nothing new. Even the church is familiar with data protection – with its seal of confession and confessional box that date back as far as the Middle Ages.
What exactly do data protection and data security mean?
The aim of data protection is to prevent the misuse of data by third parties and to protect privacy. It governs the right of each individual (whether a private individual or a company) to determine how their personal data is used and forwarded. Data protection defines how data may be collected, processed, used and stored. It is the legal framework. For example, SwissGlobal has a responsibility towards its customers to prevent confidential data from being passed on to unauthorised third parties. Data security on the other hand incorporates measures and technologies that help to prevent the misuse and loss of data and to guarantee confidentiality.
Google, Brexit and Facebook – changing realities and misuse of data
With the continued expansion in worldwide networking, the virtual market and therefore the value of consumer and user data are also increasing. To ensure that the rights of each individual are upheld with regard to the protection of his or her data, data protection will become more and more important in the future. The following statement is true: “The Internet never forgets”. This is why companies such as BrandYourself provide branding solutions for personal Internet profiles on social networks and on Google. With the rapid rise in the development of technologies such as Alexa from Amazon and Siri from Apple, information is becoming increasingly digitalised, which means it is quicker and easier to call up. The huge volumes of data combined with easy access to it harbour a major risk for data misuse, however. At Google, algorithms calculate personal marketing profiles based upon our searching and purchasing behaviour, and they generate advertising for products and services that are tailored to us. It is not just in the commercial sector where our data is becoming more and more valuable. For political purposes, voters can also be targeted with advertising and false information aimed at fooling them and misinforming them – with a direct impact upon democratic systems. There is insufficient awareness among the general public that prior to the Brexit referendum, false information was distributed via social media in a very targeted manner (recommended film on this subject: “The Uncivil War”). Among other things, this helped the Brexit leave campaigners to secure a victory, leading to a political disaster in Great Britain. Another case involving the public was the disclosure of 87 million Facebook user profiles to the British consulting firm Cambridge Analytica. Facebook provided the app developer with access to user data. What really made people’s ears prick up was that the consulting firm had also been involved in Donald Trump’s presidential election campaign.
Guaranteed data security?
To meet the Swiss and international data protection requirements, companies must invest in data security. And to guarantee data security, measures and additional infrastructure, such as software, IT solutions and training for employees, are nowadays absolutely essential.
A sound data security concept guarantees that data is transported and stored in such a way that it cannot be stolen, copied or modified (or can only be modified intentionally). It is a sensitive matter when data is forwarded to third parties for processing. Who can guarantee that the third parties will not misuse the data during or after its transmission? To mitigate this risk, SwissGlobal works with secured virtual workplaces through Secured Workplace (SeWo). Employees and external partners can log securely into SeWo anywhere and anytime via two-factor authentication, and they can work in a securely protected server environment. The data remains in Switzerland and the encrypted data is processed in a controlled environment – protected against data loss or corrupting ransomware. Thanks to its security concept and with the support of its IT partner CSF Computer Solutions Facility AG, SwissGlobal can guarantee to all customers that the highest security requirements are implemented and strictly adhered to. CSF is certified according to the ISO 27001 Standard for Information Security.
Humans are and remain the number 1 risk factor
Ensuring data security and data protection requires the use of technologies that can be simply and seamlessly integrated into work processes. The human being as a user must also be taken into account, however. As the security awareness often lags behind technological development, humans continue to handle their data carelessly. Personal details quickly enter the network, whether for entering a competition or ordering the next smartphone from an online shop. In companies, passwords are forwarded onto colleagues and orders containing sensitive data are sent via unencrypted e-mails. Small actions that can have a negative impact if the data ends up in the wrong hands.
According to Herbert Spettel from CSF Computer Solutions Facility AG on the subject of data security: “The greatest risk is still the human being.” Employees and managers need to be made aware of how to handle data securely. They also need to be familiar with tools for implementing data security. Another important measure is in the form of ongoing audits that question: “Where do we stand in terms of information security and data protection?” Technology and knowledge are continuously developing, which in turn calls for a regular review of procedures to make sure they are up to date.
Clouds from Microsoft, Amazon and Google vs Swiss legislation
There is often great uncertainty surrounding the use of clouds too. Herbert Spettel commented: “Legislation is still location bound, and clouds usually operate globally. This means that there are legal constraints preventing certain data from leaving Switzerland. In principle, the clouds are not as insecure as people often think. Cloud providers such as Amazon, Microsoft and Google usually offer high data security, however they don’t comply with the legislation as the data is not stored locally, but instead could be stored anywhere in the world.” CSF Computer Solutions Facility AG therefore relies on local storage systems that can be fully configured and monitored directly on site. This wards off cyberattacks, and the data security measures comply with legislation. SwissGlobal also benefits from this offering and can pass this additional security onto its customers.
Data security at SwissGlobal
To ensure data security and data protection at SwissGlobal, all systems and processes are certified according to ISO 9001 and ISO 17100. Information security and the secure storage of all customer data is ensured. Thanks to the close collaboration with our experienced IT partner CSF Computer Solutions Facility AG, SwissGlobal fully complies with ISO 27001. More specifically, this means that data is handled with confidentiality at all times. Multiple backups, virus scanners, multiple firewalls and encryption ensure that all data remains safe in order to guarantee business continuity. The employees receive ongoing training and risks are continually identified and evaluated at strategic level as part of the active quality management processes. Security-conscious customers can audit this at any time. What’s more, SwissGlobal offers customer-specific security solutions for all its services. Orders can be placed directly on site at the customer or in SeWo, for example.
SwissGlobal guarantees compliance with the highest security standards. This means that confidential data remains where it belongs – in confidential hands with a clear security concept and a secure IT environment.
Do you have any questions about these topics? Call us or write us, we are always happy to help.