Some 15 years ago few even knew what personal data was. Now it is the core of every business in every part of the globe, but it creates problems too.
Business does not properly focus on data privacy and protection in its processes, in the products it builds or the services it provides.
How can a brand new vehicle be hijacked through its Wi-Fi connection? Did nobody think about what could happen by linking your Wi-Fi to your power and command systems?
The European Union (EU) and the €100 million question
The EU aims to have a €1 trillion online economy by 2020: that can only be achieved if the online world is safe.
To that end the EU has agreed to increase fines for breaches of the data protection and privacy rules to €100,000,000 or, if higher, 5% of global turnover. This will soon mean highly active enforcement of the rules by all EU regulators, including in the UK.
The most basic step is missing
Of the 5.2 million businesses in the UK, just over 6% have registered with the Information Commissioner. Registration is essential if you collect and use the personal data of business or retail customers.
To collect and use it lawfully means providing a Privacy Notice when it is collected: that notice cannot be buried in a link nobody ever clicks. To see how it should be done go to www.dataguardsman.co.uk and log in.
Without lawful collection the business is at risk, and since the March 2015 Court of Appeal judgement in effectively Google .v. Apple every such customer can claim compensation without having suffered any loss or damage. That revolution in English law means almost every business is exposed to claims by every retail and business customer, current, past or prospective.
Effect on business value
Just as many companies now recognise the value of their customer databases onto their balance sheets, the converse is also true. If personal data is not lawfully collected that fact can dramatically reduce the value of the business, even if they have not capitalised the value.
We made our concerns known to a global law firm in the City, which used that knowledge to reduce the price their client paid to buy another company by 20%. Clearly they could not tell us more, but the amount lost would have been substantial. We are also aware of other transactions where the target was rendered completely valueless by lack of compliance. This will be the same in the rest of the EU.
Shareholder action
As we have had Data Protection and privacy laws since 1984, directors who have not ensured appropriate compliance cannot hide from shareholders who bring actions against them personally to recover the value lost on sale or through a drop in share price generally.
The cost of data breaches
In March 2015 PwC reported in a review carried out for BiS that 90% of all large businesses and 74% of SMEs suffered a data breach last year: once breached, multiple breaches follow, and each costs money. If IT systems are breached, can you rely on the outputs of that business’ financial software?
Earlier this year KPMG carried out a study of 133 institutional investors who stated they were unlikely to invest in a business which had suffered a data breach.
The Insurers
A study by PwC in July 2015 found insurers now placed cyber risk as their number one non-life concern. How long will it be before they stop paying out for cars that are stolen or involved in accidents because they are so easily hacked.
Who will the individual pursue for providing them with faulty goods, especially if they are involved in life changing accidents?
One thing is certain, if those goods are on finance, the customer will not pay the finance company. There are reports of hospital equipment which delivers highly toxic chemicals into the blood being hacked. With forecasts of the Internet of Things where everything will be linked to the internet and thus hackable (unless designed properly), who knows what claims will follow and against whom?
Can things be fixed?
The problem is the lack of awareness and the scarcity of affordable resources in the data privacy and protection field, and the fact that ignoring it did not seem to have any real consequences. Most of the issues can be remedied with time and effort, but how can you assist five million businesses?
The solution has to be a self-help approach which is where DataGuardsman is positioned. It is a unique, interactive and very easy to use online solution for all businesses up to the FTSE 350. For lenders who want to protect themselves it is a product they can resell to their customers.
Lender beware
The impact of data and privacy and protection laws on business is already affecting the security of lending decisions. Lenders have to be far more aware of these issues, and so does business.
Ian Sinclair-Ford is Director of DataGuardsman Limited. The views expressed are based on our understanding and opinion of the matters set out and may not apply to all businesses. No reliance is to be placed on this article by any party and no liability is accepted for any such reliance. Legal advice must always be taken before making any decision which may affect the business or your personal position related to any point in this article.
