With the advancement of technology and the unprecedented economic growth worldwide over the last half-century, the exchange and use of vast amounts of information have become the new reality. The content of this information is as diverse as it is large. It ranges from information that can be designated as harmless to information such as names, addresses, bank accounts, and many others. The benefits of this are clear, and each of us, more or less, uses and relies on the services provided by companies using Big Data.
Today, data breaches and leaks are some of the biggest threats facing modern companies. For a manager or a CEO, there is nothing more unpleasant than a phone call in the middle of the night, informing him that there is a breach in the database. Such events compromise thousands and in some cases even millions of users and put their personal information at risk. The personal data might become publicly available online and even be used. Therefore, more and more modern business structures are beginning to invest more in cyber security. It is not an easy decision, but for many companies, it is a small price to pay when they think of the consequences.
When talking about the damage that may occur after a data breach, we must say that it can be very diverse in its nature but equally serious. As an example, consumer trust often takes the first and often the biggest hit. Companies that are victims of such leaks often suffer the biggest damage in the form of a decline in consumer trust and therefore in interest in the products and services they offer. This leads to a steep decline in profits, and as a result, many companies can’t recover. Secondly, declaring such a leak publicly can lead to a number of lawsuits against the company for its lack of action to prevent the leak in the first place. Third, but not last, such leaks may attract sanctions from local government or European authorities, which are gradually beginning to impose stricter control in this area (GDPR). Until now, state sanctions have not been considered such a big problem, but in the last 10 years, the regulation in this area has started to become stricter and stricter in the form of the current GDPR legislation.
From a legal point of view, one of the first things that companies using Big Data must do is have legal professionals brief them in detail on the legal framework and the requirements that must be met in order to safely use and store such information under the current GDPR legislation. In any case, ignorance of the law has never been considered an excuse for someone who falls under the wrath of the law.
There are approximately 40 standards that provide detailed preparation and guidance on what measures a company can take to meet the requirements set by GDPR. They are included in ISO/IEC 27000 (this is a package that contains information and recommendations on GDPR requirements). These requirements need to be taken very seriously. Sanctions for a potential data breach and non-compliance with GDPR obligations can lead to high fines, which in some cases can reach up to 10 million or 2 percent of the company’s annual turnover. This fine is imposed when the company does not notify the competent authorities of a data breach within 72 hours. Here the need for a legal expert in the field is abundantly clear. Determining the “exact moment” from which this period begins to run (given that such leaks are often not discovered immediately) is a legally complex task. More often, the clear picture of the situation is revealed within a few days. In times such as those, the help of a specially trained legal professional in this field is invaluable. In addition to giving adequate advice, he can also protect the interests of the company (which may be accused of not notifying the authorities within the legal deadline, but in reality has not been able to do so for obvious and practical reasons). Another threat to the interests of a company is that informing the competent authorities of an alleged leak of information attracts a negative public response. Even if this information is later refuted and it becomes clear that there was no information leak, the damage to the company’s reputation very often remains. Another problem is the very common lack of knowledge or ignorance displayed by various government employees about the technical specifics when dealing with information leaks. Authorities often consider certain delays to be unacceptable, but this assessment is devoid of objectivity due to a lack of knowledge and information.
It takes time to find a problem in the database, to establish its nature, and finally to calculate the actual damage. A similar example can be seen in the United States, where a well-known company has received widespread criticism and attacks from regulators for announcing a leak six weeks after it received the first reports of a possible problem. Here again, a well-trained legal specialist in the field can provide priceless help in protecting the interests of the company in the face of overly ambitious or misinformed government agencies. In theory, it would seem impractical for many companies to hire legal professionals in the field for a long period of time, but the examples above suggest that the lack of such a specialist at a key moment significantly worsens the chances that a company that has become the victim of such an incident can adequately protect its interests. In situations like those, time is of the essence, and everything depends on an adequate and, most of all, quick reaction.
After all, when we talk about the management of large databases, the different risks associated with them (starting with a database breach or sanctions from different regulators) are simply too diverse. It would be a mistake for a company using Big Data not to take advantage of a legal specialist in this field. True, such problems are relatively rare, but if a company does become a victim of a data breach, the advice and assistance of a professional in the field who is familiar with the company and its practices is invaluable. Many companies hire such specialists precisely because the long-term costs of maintaining such staff are relatively low compared to the possible catastrophic financial losses and sanctions that can occur if something happens and a legal specialist is not present.