Keeping it private – a constant challenge for business
In today’s digital age, when data is king, both consumers and businesses are increasingly placing a premium on privacy, writes Quentin Golder, partner with Birketts LLP.
Service providers have responded to market demand with an increasing range of products and services designed specifically to enhance privacy and to allow users to retain control of their data.
For the individual consumer, private browser services such as Chrome’s ‘Incognito’ and Internet Explorer’s ‘InPrivate’ promise users added protection from prying eyes when browsing the web. These services can help minimise an individual’s digital footprint, but the extent of the protection they offer is specific and limited.
For businesses seeking to address potential vulnerabilities in their communications networks and to minimise the risks posed by the use of mobile devices, products such as Silent Circle’s Blackphone 2 offer more comprehensive security solutions.
Built on the company’s Silent OS, the device provides a whole host of security features including default encryption, extensive password protection and the ability to keep work and personal data totally separate on a single device.
When a user browses the web, every website visited is recorded in the browser history. The browser will remember the URLs of sites visited on a regular basis, files downloaded, cookies that track activity on a particular site, terms that were typed into search engines and stored account logins.
All of this can help to enhance the user experience but it also leaves a fairly significant digital footprint that others using the same computer can easily access. Using a private browsing service means that, as soon as the browser is closed, all of this information disappears and cannot be accessed by anyone else using that device.
The most obvious reason for private browsing is to prevent others from knowing what websites have been visited. From a privacy perspective, other benefits include preventing targeted ads being served up during browser sessions and protection if using someone else’s computer.
Private browsing can also offer some practical benefits such as enabling users to override usage limits and the ability to log into multiple linked accounts at the same time. However, private browsing will not provide protection from malicious programs that have already been installed on a computer – for example, key loggers are a type of spyware that records every character typed including passwords, credit card numbers and the like.
Browsing activity will also still be visible to external network monitoring, so private browsing will not, for example, hide from an employer the fact that an employee is using a work PC to browse online shopping sites. Nor does use of a private browser give immunity from hackers when using public Wi-Fi.
All businesses with a presence in the UK are required to comply with the seventh data protection principle which provides that appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage of personal data.
However, the measures that are required to ensure compliance with the seventh data protection principle will vary widely depending upon the amount and type of data a business holds, the type of processing activities carried out and the nature and means of the business itself.
Given the current rate of development, a company must remain vigilant and ready to adapt to both the threats and the potential solutions posed by technological advances.
For some businesses, ensuring staff have access to products such as the Blackphone 2 may form an element in their overall security strategy but use of such technology will never be a total compliance solution in itself.
Overall compliance requires ongoing awareness, review and training. There is little point in issuing an employee with a £650 phone with encryption capabilities if those calls are conducted at high volume from a crowded train carriage.
An issue arises as to whether enhanced privacy features (whether for private or business purposes) put one at odds with government access rights to data.
The newly unveiled Investigatory Powers Bill would force communication firms to disclose unencrypted communications to police and spy agencies and prevent companies from providing encryption services so secure that even the service providers themselves cannot decipher them - exactly the kind of end-to-end encryption provided by Silent Circle.
While commentators have been quick to challenge the purported security benefits under the legislation, questions are already being raised by a number of security service providers as to whether the UK remains a viable market.
• To find out more contact Quentin Golder on 01223 326586; email: quentin-golder [at] birketts.co.uk; or associate Kitty Rosser on 01603 756559. Email: kitty-rosser [at] birketts.co.uk