What to Know About International Data Security and Compliance in 2019

There’s a now-common adage about data security – that it has firmly shifted from the backroom to the board room. For years, concerns of computer hacking largely stopped with the head of IT, but the steady rise of data hacks has made the issue a priority for all levels of leadership. According to a MarketPlace article, the number of reported data hacks in the United States rose from fewer than 200 in 2005 to more than 1,300 in 2017.

Without a doubt, data security is a concern for every organization – regardless of size, industry or location. However, those organizations with international operations face additional challenges. Both the threats and laws regulating data security change from country to country – drastically in some cases.

Not all countries approach data security the same

Every country has different approaches and policies concerning data security. These varying security standards and privacy laws make some destinations more susceptible to data theft than others. Depending on the extent of your company’s global operations, it’s important to understand which international offices may be more vulnerable than others.

Comparitech, an IT security firm, recently issued a study analyzing every country against a number of data security criteria to see which have the best and worst cybersecurity ranking.

The countries with the worst scores were (in order):

  1. Algeria
  2. Indonesia
  3. Vietnam
  4. Tanzania
  5. Uzbekistan

Germany scored the highest in financial malware attacks, which may be surprising to some given the country’s reputation for conducting global business. At the same time, Germany also was among those countries with the most up-to-date cybersecurity legislation.

The current state of General Data Protection Regulation (GDPR)

Last year, the European Union implemented its General Data Protection Regulation (GDPR) after ratifying it in 2016. GDPR requires companies to report breaches faster and establish more stringent processes to handle personal information.

While the regulation went into effect last year, it was widely expected that full enforcement would begin in 2019. Already, there have been several instances of companies being fined for infractions – most notably, British Airways. The airline was issued the largest fine to date (£183 million) for a data breach it experienced last year.

Other international data security regulations impacting businesses

While GDPR may be more top of mind for most businesses, it isn’t the only data security regulation being enacted across the globe. In 2017, China passed its own cybersecurity law, and since then, has issued a series of security standards that some industry experts see as more stringent than GDPR. While both regulations have strict stipulations of how information can be gathered and secured, China’s law gives the government authority to access and review data stored by companies operating in the country. Those who don’t comply can face stiff penalties.

Last year, the United States enacted a similar law, the Clarifying Lawful Overseas Use of Data (CLOUD) Act. This allows federal authorities to seize online data from U.S. companies via a warrant, regardless of whether the data is stored within the United States or abroad.

There’s also the potential that the United States will pursue its own version of GDPR in the next few years. Individual states, such as California, have begun pursuing their own data security policies. A federal regulation may become necessary to provide a unified, consistent approach throughout the country.

The rise and promise of blockchain

As organizations and countries alike try to identify the best and most effective ways to protect their data, one solution is gaining significant interest: blockchain. The intricacies of blockchain are an article all on their own, but here is a topline summary of how blockchain technology works.

  1. Instead of storing sensitive data in a single location, blockchain segments information across multiple servers and computers, decentralizing it so the network can’t be attacked from a single point of entry.
  2. Each “block” of data is encrypted with a unique security signature. Any change to the block results in it receiving a new encrypted signature.
  3. When an update or transaction takes place, the network is notified of the action so each computer can cross-reference and verify that the block of data is secure and authentic.

Blockchain is most helpful for transactional data, which is why it’s been the basis for cryptocurrency like bitcoin. However, software developers are rapidly identifying other verticals where blockchain solutions could be utilized. Of note for the relocation and global supply chain markets, earlier this year IBM and Maersk announced its blockchain platform, TradeLens, specifically designed to improve security in the shipping industry. The tool promises openness, transparency and security across all the different entities that touch a shipment from the point of origin to its final destination.

Reminders for international transferees

Blockchain certainly has the potential to significantly improve data security in a number of markets, but it is still a relatively new technology and isn’t a cure-all for organizations’ concerns. It’s important to remember that some of the most effective solutions start with educating employees – particularly those working abroad – about how they can protect both themselves and your company’s data.

These steps include:

  • Only join secure Wi-Fi networks: Public Wi-Fi networks are a favorite hangout for data thieves. Even seemingly secure networks can be treacherous. Educate employees on how to ask about hotel or business’ security protocols should they offer a private network. Similarly, make sure their devices are not set to automatically connect to available networks.
  • Turn off Bluetooth: Like Wi-Fi networks, hackers can use a device’s Bluetooth signal to gain access. This is especially important in countries with high reports of data theft.
  • Install up-to-date malware and anti-virus software: Should they be affected, this software can help ensure that the issue is detected and mitigated as quickly as possible.
  • Don’t store sensitive information on the device: Another way to prevent sensitive information from falling into the wrong hands is to simply not store any of it on the actual device. Consider keeping all important documents on a server that only can be accessed via a VPN.

For good or for bad, the world isn’t going to become less connected any time soon. It’s critical that businesses and travelers understand the threats they face, along with the laws and regulations countries are imposing to help ensure citizens’ data is secure. It’s also worth consulting with your CIO or head of IT to review how your organization’s security procedures and employee training account for international transferees and what – if anything – could be augmented to better protect both them and your company while they are abroad.