Five things to know about UK’s data protection laws after Brexit
It’s almost a regular topic on the news: organizations that lose a USB flash drive. How does this happen? Recently, a well-willing member of the GGD (Dutch Municipal Health Service) recently sent a USB flash drive with detailed information about a specific family via the post. Upon receipt of the package, it turned out there was a hole in the envelope and the USB flash drive was missing. That’s unpleasant for the GGD. They had to report the data leak to the Dutch Data Privacy Authority and now risk a penalty. It’s also unpleasant for the employee who will visit the concerned family with a bouquet of flowers to make amends. Ultimately, the data leak is the most unpleasant for the family, of course. That’s because once sensitive information is on the street, it cannot be retrieved again that easily. Whether and in what way will it harm you? Who can tell?
Why do these kinds of items continue to come up on the news? Why do organizations share files unsecured? Do they not know better, or are they sincerely assuming that this is the safest way? We debunked 3 myths about file transfer.
Myth 1: Using an encrypted USB flash drive is safe
Since the inception of the GDPR in May 2018, organizations are obliged to report severe data leaks quickly and in detail. The default example of a severe data leak is a lost USB flash drive. Anyone who receives the USB flash drive has access to the data. Now, this can be frustrating when the drive contains holiday pictures, but that's not the end of the world. If this USB flash drive contains sensitive information about tenants, patients, or citizens, that’s when you’ve got a real problem. But encryption, that helps right? Not 100%. Anyone who has access to the USB flash drive has access to the encrypted data. There is no way to determine whether unauthorized persons have accessed and copied the data to their own disk to crack the encryption, for example. The encrypting method makes it a little or even much harder to gain access to the data, but it does not make it impossible. Encryption alone is not enough. Access restriction and logging are indispensable for optimal security, and that’s a little difficult with a USB flash drive.
Myth 2: My sensitive data remains secret when I use free file transfer.
Well, we live in 2019. A USB flash drive is considered old-fashioned by many. The Internet offers excellent services such as 4shared, which also make it possible to securely transfer (large) files from A to B, doesn’t it? You are right, it does. However, the question then becomes whether free online file transfer services are safer or better than the USB stick. For several reasons:
- Commercial purposes: The reason these services are predominantly free is that you pay in a different way: with your privacy, or by viewing advertisements tailored to internet behavior by these services or third parties by using so-called cookies. This does not happen with a USB flash drive.
- Big brother might be watching: Is the data stored in America? If so, the files are subject to the US legal system. This means that, under the guise of the Patriot Act and the fight against terrorism, the authorities are allowed to see all files. This also applies to services such as WhatsApp or Dropbox. Here too, the question applies: would you prefer a USB flash drive?
- No protection against human error: More than 50% of the data leaks are caused by human error, such as addressing to a wrong recipient or attaching the wrong file. Existing services do not provide protection against this type of data leak. In fact, for most services, anyone who has access to the mail with the download link, has direct access to all files. The protection against unauthorized access is similar to that of a USB flash drive, because encryption or repairing the error is impossible. Access really means access.
Myth 3: Sharing sensitive data securely is difficult and costly.
The main reason for the use of USB flash drives and free online service is the ease of use. USB flash drives are always available and a service such as WeTransfer or Dropbox is easy to use. And when something is easy, we all are happy to use it. This implies that most professionals assume that safer solutions are too complex by definition. This may have been true in the past, but this myth now also has been debunked. With ZIVVER, you can safely send large files (up to 5TB!) from Outlook. No more workaround needed, and still safe. Don’t you use Outlook? Then use the Web App or the mobile app. Within a minute, you will be 'up and running'. And the best thing is: recipients don't need an account or app. It's that simple.
What makes ZIVVER safe?
- ZIVVER stores the data encrypted. We cannot watch the content of the messages sent or received. Private really is private.
- Because all our ISO27001 certified data centers are within the EEA and not in America.
- Because we not only encrypt messages and files but also perform an extra check to make sure it really is the intended recipient requesting access. Only the person or people you want to give access will get it.
- Because we also check whether you are sending the correct file to the correct recipient. This is how we protect you from an error before you make it. That means no penalty and no need to make amends with a bouquet.
- Because we contractually agree with you that we do not use any of your data for other purposes, that we do not transmit data to third parties, and that we also do not work with third-party commercial cookies. No advertising, either targeted or unfocused.
Convinced? Don't throw your old USB flash drive out just like that! Erase them with special software, or have them destroyed by a specialized company. Are you cancelling your use of an online service? If so, follow their instructions to remove as much of your information as possible. European legislation really supports you and your rights when it comes to personal data. Do not hesitate to use this.
ZIVVER has put together a detailed information page regarding secure email and file sharing. Click on the button below to be redirected to it.