Data Breaches, Differential Privacy, and Data Protection Officers
Marriott has lost $4.08 billion in market value since November 29th, when the breach was reported. This loss could worsen because of fines and lawsuits: under GDPR, Marriott could be fined $912 million, and a $12.5 billion damages lawsuit is in progress.
Quora reported on Monday that hackers had gained access to the data of 100 million users. The information comprised names, email addresses, passwords, and data from social networks.
All these breaches have pushed legislators in the US to propose bills that would fine not only the affected companies but also the CEOs. Senator Ron Wyden’s proposal includes up to 20 years in jail for chief execs and $5 million fines for CEOs.
However, there are processes and technologies that can help organizations protect their customers’ data privacy.
One solution is to designate a Data Protection Officer (DPO), a role that was introduced by the GDPR. While not every company is required to have a DPO, having someone in charge of data privacy and protection is a must. FTI Consulting is now offering DPO-as-a-service to help companies satisfy regulatory requirements.
Another solution is to use technologies, such as differential privacy, to keep the data private. Differential privacy is already used by companies like Apple and Google, but one of the earliest adopters is the Census Bureau. By mandate, the Bureau has to keep each person’s information private while still providing useful data, and differential privacy enables it to do so.
No single solution is a silver bullet, but a combination of privacy-preserving technologies and processes will help organizations protect their customers’ data privacy.