Joe Sullivan, who was shockingly and arguably unfairly sentenced to serve a three-year term of probation and ordered to pay a fine of $50,000 for covering up the Uber data breach – authored a sobering op-ed today in Dark Reading warning CEOs that they themselves will be the next target of zealous government regulators seeking accountability for data breaches that inevitably happen.
I don’t know if Mr. Sullivan is right or not – but I do know this: his story sheds light on the conundrum consumers and businesses both face when it comes to protecting sensitive data in the modern world of cloud-first everything. As Sullivan states, "the government can't solely protect us from breaches, and companies aren't properly incented to do it either. It's a unique catch-22: No single entity has the power to protect us on the Internet."
In my opinion, this statement highlights the critical need for both individuals and companies to take responsibility for their own privacy.
Most people and organizations today readily entrust their data to large corporations, assuming that these companies will prioritize the protection of this information. However, we must remember that these are for-profit entities, and their primary goal is to generate profit for shareholders. While they definitely have security measures in place, their priorities (and levels of investment) may not always align with the best interests of their users.
Furthermore, we often expect the government to step in and hold these companies accountable when breaches occur. While government oversight is an important variable, we cannot solely rely on them to protect our privacy. The truth is, the government may not always have the resources or the willingness to pursue every breach and hold companies fully accountable.
It's time for people to look in the mirror and take responsibility for their own privacy. Given what we now know about the world – we cannot continue to be lazy and assume that others will protect our data. It's crucial that we have agency over our information, especially when storing it in public cloud environments.
One way to achieve this is by separating trust and keeping control of our encryption keys. By doing so, we ensure that even if a breach occurs, our data remains secure and unreadable to unauthorized parties. It's a simple step that can make a significant difference in protecting our digital fingerprints.
Companies like Virtru can play a vital role in helping individuals and businesses protect their data. Virtru’s solutions allow users to separate trust from monolithic cloud providers by giving them the ability to host and manage their own encryption keys, ensuring that data remains fully secure and private even when stored in the cloud. By leveraging tools like those offered by Virtru, people and companies can take a proactive approach to data protection. They can have peace of mind knowing that their sensitive information is secure, even if a breach occurs at the cloud provider level.
Here’s the truth. In the modern world, no single entity has the power to fully protect our data. Therefore, it's time for us to realize that our digital fingerprints are in the hands of private companies, and we cannot blindly trust them or rely solely on the government to hold them accountable.
Instead, we must take personal responsibility for our privacy by having agency over our data and separating trust through encryption key control. Simply stated, it's time we stop looking to others for answers. It’s time we take control of our data and prioritize our own privacy.