A Little Privacy, Please! Exonar Latest News

A little privacy, please!

What We’ve Been Reading And Writing This Month

Facebook Privacy – Sky News Interview
Plus – ePrivacy is a priority in 2019
And – new product features!
Facebook Privacy – Sky News
Our Data and Privacy Director, John Tsopanis, was invited to discuss the parliamentary report on Facebook’s fake news scandal live on the Sky News Sunrise programme.
ePrivacy is a 2019 Priority
Sweeping GDPR Fines from German Regulator mean online tracking regulations will tighten in 2019.
Plantatreeforprivacy: the impact of GDPR when privacy regulations change
New Feature: Enhanced Search
Search just got better! With our new Enhanced Search feature, users can now benefit from simple search, phrase search, proximity search, fuzzy search, must/not include, and so much more.
New Feature: Topic Extraction
Another new and exciting feature now available in our ever-growing data discovery platform. Users of this new feature will benefit from understanding the topics that summarise their data.
Democracy Disrupted: Data Privacy, Social Media and Election Interference
On March 5th, 2019 our Data & Privacy Director, John Tsopanis, spoke at the Data Protection Forum event in London. His talk is presented here in article form.
Some users are said to be unaware that their data had been used for a facial-recognition project.
How the GDPR will disrupt Google and Facebook
Uber drivers in the U.K. are filing a lawsuit against the company over allegations the firm has continuously broken European data protection laws.
Due to time constraints during Exonar’s ‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’ IAPP webinar, it was not possible to address all the questions asked, but you can find them all listed here.
Utterly unrelated (Maybe a bit): No privacy for parents!
Even for the likes of Professor Robert Kelly when he was being interviewed live on BBC News about South Korea. Watch it again here!

We are committed to respecting your privacy and protecting your personal information. We try hard to make our communications with you interesting and relevant and always with a view to providing insight into our industry challenges and their solutions. If this Newsletter is not relevant you can unsubscribe using the link below. We promise not to spam you.

Democracy Disrupted: Data Privacy, Social Media & Election Interference

Democracy Disrupted: Data Privacy, Social Media and Election Interference – Summary of Data Protection Forum speech

On March 5th, 2019 our Data & Privacy Director, John Tsopanis, spoke at the Data Protection Forum event in London. His talk, ‘Democracy Disrupted: Data Privacy, Social Media, and Election Interference’, is presented here in article form.

When discussing social media, it’s important to understand that it is a visual medium; one that has the power to evoke powerful emotions in the individual, in groups of individuals, and in tens of millions of individuals whose relation to and opinion of the world are formed by the content they consume. So, when we talk about the scale of political disinformation campaigns we are attempting the impossible: trying to articulate the psychological impact that billions of messages are having on tens of millions of individuals. The scale of influence is critical; according to data from Nielsen, Americans spend an average of 10 hours and 39 minutes consuming media across their devices every day. Specifically, five hours per day are spent on mobile devices. What we see on our screens is now the overwhelming driver of political opinion and consensus.

UK Parliament DCMS Fake News Report

UK Parliament’s DCMS report into fake news, disinformation and interference in Brexit concludes that data privacy rights were violated by Facebook and Cambridge Analytica during the Brexit referendum, and tens of millions of people were microtargeted with political disinformation as a result. The DCMS conclude that the institutions designed to protect us from this type of abuse are neither fit for purpose nor appropriately funded. The DCMS have called for urgent action to safeguard our democracy from microtargeted political disinformation campaigns, funded by countries like Russia, that aim to fracture, and are succeeding in fracturing, the British political consensus into gridlock.

The DCMS acknowledge that the GDPR has been a necessary first step in establishing privacy rights for British citizens, but more protections are needed to safeguard citizens’ online safety given the privacy violations that have already occurred.

The DCMS report summarises as follows:

“We have always experienced propaganda and politically-aligned bias, which purports to be news, but this activity has taken on new forms and has been hugely magnified by information technology and the ubiquity of social media. In this environment, people are able to accept and give credence to information that reinforces their views, no matter how distorted or inaccurate, while dismissing content with which they do not agree as ‘fake news’. This has a polarising effect and reduces the common ground on which reasoned debate, based on objective facts, can take place. Much has been said about the coarsening of public debate, but when these factors are brought to bear directly in election campaigns then the very fabric of our democracy is threatened.

This situation is unlikely to change. What does need to change is the enforcement of greater transparency in the digital sphere, to ensure that we know the source of what we are reading, who has paid for it and why the information has been sent to us. We need to understand how the big tech companies work and what happens to our data.

In a democracy, we need to experience a plurality of voices and, critically, to have the skills, experience and knowledge to gauge the veracity of those voices. While the Internet has brought many freedoms across the world and an unprecedented ability to communicate, it also carries the insidious ability to distort, to mislead and to produce hatred and instability. It functions on a scale and at a speed that is unprecedented in human history. One of the witnesses at our inquiry, Tristan Harris, from the US-based Center for Humane Technology, describes the current use of technology as “hijacking our minds and society”. We must use technology, instead, to free our minds and use regulation to restore democratic accountability. We must make sure that people stay in charge of the machines.”

Data Privacy and British Democracy

The problem British democracy faces has two core components:

The first is the need to safeguard personal privacy and restrict the ability for personal data to be harvested, profiled and leveraged at scale by unknown actors. The GDPR has given individuals the rights to access and erasure which offer a solution for the individual, but if the organisations conducting the microtargeting are unknown and/or criminal it is very difficult for the individual to exercise these rights. What is needed is greater capacity for enforcement.

The suggested solution from the DCMS is to impose a 2% levy on big data and social media companies and ring-fence it to fund the ICO’s enforcement work. This will allow the extension of the powers offered to the ICO under the GDPR, enabling it to identify, investigate and take down dark data and disinformation operations at scale. It is the international scale of operations working against British democracy through the vehicle of unregulated social media that has overwhelmed our current domestic regulatory bodies and our politics. Therefore, an urgent boost to the resources of the regulators is needed to tackle this problem at source.

The second problem is tackling disinformation. The DCMS has called for the following:

“There is now an urgent need to establish independent regulation. We believe that a compulsory Code of Ethics should be established, overseen by an independent regulator, setting out what constitutes harmful content. The independent regulator would have statutory powers to monitor relevant tech companies; this would create a regulatory system for online content that is as effective as that for offline content industries.

As we said in our Interim Report, such a Code of Ethics should be similar to the Broadcasting Code issued by Ofcom—which is based on the guidelines established in section 319 of the 2003 Communications Act. The Code of Ethics should be developed by technical experts and overseen by the independent regulator, in order to set down in writing what is and is not acceptable on social media. This should include harmful and illegal content that has been referred to the companies for removal by their users, or that should have been easy for tech companies themselves to identify.

The process should establish clear, legal liability for tech companies to act against agreed harmful and illegal content on their platform and such companies should have relevant systems in place to highlight and remove ‘types of harm’ and to ensure that cyber security structures are in place. If tech companies (including technical engineers involved in creating the software for the companies) are found to have failed to meet their obligations under such a Code, and not acted against the distribution of harmful and illegal content, the independent regulator should have the ability to launch legal proceedings against them, with the prospect of large fines being administered as the penalty for non-compliance with the Code.”

The scale of disinformation on social media platforms is currently the largest threat to British democracy. It’s one that data privacy professionals have yet to truly understand, primarily because the 20% professional class are rarely the targets of microtargeted disinformation campaigns due to their inferred socioeconomic status. This perfect storm has meant that our privacy legislation now lags significantly behind the technology that needs to be regulated, and an overcompensation is needed to correct course.

Cambridge Analytica, Disinformation and Brexit

Cambridge Analytica were responsible for delivering the Trump and Leave.EU Brexit social media campaigns.

‘Today, in the United States, we have close to 4000 to 5000 data points on every individual. So we model every personality across the United States, some 230 million people’ – Alexander Nix, CEO of Cambridge Analytica, October 2016

See 6:40-11:07 for Channel 4’s undercover reporting of Cambridge Analytica’s political disinformation tactics:

The integrity of the information supply is the cornerstone of a free and functioning democracy

“A democracy needs good quality information, and fair distribution of that information in order to articulate, aggregate, and defend its own national interests. Without it, democracy falls,” said Professor AC Grayling, moral and political philosopher, and author of over 30 books on ethics, philosophy and the history of human rights. He also went on to say:

“In a mature democracy, citizens must be free to choose the information they consume, and to be able to easily identify and trust the source of that information at the point of consumption. The ability for citizens to do this, to opt out of illicit messaging from untrusted sources, is what we might consider exercising our right to privacy. Without these freedoms, we cannot meaningfully escape unwanted influence, and in a truly Orwellian sense, our vulnerability to psychological manipulation by unknown individuals and organisations makes us all less free”.

Foreign Interference in Brexit

The DCMS, along with tackling data privacy violations and disinformation, has also called for an urgent investigation into Russian interference in Brexit. The aim is to investigate the source of Mr Arron Banks’ £9m donation to the Leave.EU campaign; the largest donation in British political history, the source of which is still unclear.

What is clear is that the disinformation networks that were operating during the Brexit referendum are still active and more effective than ever. The prevalence of known Kremlin Twitter and Facebook accounts amplifying pro-Brexit politicians (e.g. Conservative members of the “European Research Group”, known as the ‘ERG’) and pro-Brexit social media pages like Leave.EU and Westmonster is a deep cause for concern for British citizens. Leave.EU alone generated 661,000,000 impressions on Facebook and 221,000,000 impressions on Twitter in 2018.

The full nature of this relationship must be investigated by an Independent Counsel similar to the USA’s Mueller Enquiry (an enquiry that is investigating the Trump Organisation’s ties with Russia), and revealed to the public as a top priority.

Conclusion

Britain needs to take back control of its politics, and to do so it needs to take back control of its data and give the necessary regulatory bodies the investigative and enforcement powers needed to conduct investigations at scale. It should create new institutions that are fit for holding social media companies accountable for disinformation campaigns run through their platforms.

Have we got news for you! Exonar Latest News

Have we got news for you!

What We’ve Been Reading And Writing This Month

‘Thriving in Generation Privacy’ – Webinar hosted by IAPP
Plus – Exonar ON the news and IN the news!

UK to raise the bar on Cyber Security – Sky News Live Interview

Our CEO, Adrian Barrett, spoke live on Sky News following the Government’s announcement of £70m investment into UK cybersecurity.

Missed our IAPP webinar? Watch ‘Thriving in Generation Privacy’

‘Thriving in Generation Privacy: Capitalising on DSAR Data from the Field’ – If you missed our free webinar, you can now watch it here.

Trump, Brexit, Cambridge Analytica – Global Data Privacy Regulations

John Tsopanis, Exonar’s Data & Privacy Director, looks back at the last 12 months and considers what we should expect in 2019.

Plantatreeforprivacy: the impact of GDPR when privacy regulations change

Beringea Leads £6.5m Investment in Exonar Alongside Downing Ventures

Transatlantic venture capital investor, Beringea, has announced that it has led a £6.5m investment in Exonar alongside Downing Ventures.

CCPA: California’s Answer to GDPR Set to Raise the Bar in US Privacy

Just like buses, two data privacy regulations arrive at the same time. How will CCPA impact trade with America?

The Gift of Charity – Reducing Data Labour Post-GDPR

What can the charity sector learn from industry on closing the compliance gap, whilst also not draining resources needed to provide essential services?

How the GDPR will disrupt Google and Facebook

The 6 Essentials of the DPO’s Toolkit for 2019

With enforcement set to take centre stage in 2019, what essentials do data leaders need to keep themselves out of the crossfires of regulators?

Amazon, Apple, Netflix, Spotify and YouTube under scrutiny over SARs

Strategic complaints filed against tech giants over failures in how the services respond to data access requests.

Google hit with €50m GDPR Fine for Transparent Data Consent Policies

GDPR fine for Google by the CNIL for a breach of the EU’s data protection rules.

Exonar is Hiring!

Exonar has several current vacancies across various departments. Take a look and see whether your next career move could be with us.

The Utterly Unrelated Section

Our CEO had a very successful interview on Sky News earlier this week. It was far too polished to ever make it into this montage of the top 10 worst ever UK news fails!

ePrivacy a 2019 Priority – Online tracking regulations to tighten

Sweeping GDPR Fines from German Regulator Send Clear Message: ‘ePrivacy is a 2019 Priority’.

A new ePrivacy Regulation that tightens rules for online ‘tracking tools’ such as cookies is expected to replace the ePrivacy Directive in late 2019.

Its importance was emphasised last week when the German DPA (Data Protection Authority) announced that they intend to fine forty organisations for using ‘tracking tools’ on their websites, violating the GDPR.

With ePrivacy Regulation set to tighten GDPR rules on ‘tracking tools’, the announcement of sweeping fines for non-compliant cookie practices under GDPR sends a clear message to organisations in 2019: ‘ePrivacy is a priority’.

How will ePrivacy Regulation seek to protect personal privacy?

The ePrivacy Regulation will outline how organisations must uphold Article 7 of the Charter of Fundamental Rights of the EU which guarantees individuals the right to a private life and private communications.

Where the GDPR has a focus on protecting personal data, ePrivacy Regulation will have a specific focus on protecting personal privacy, seeking to empower individuals to opt-out of unwanted data tracking, processing and digital communications.

The ePrivacy Regulation will be ‘lex specialis’ to the GDPR, detailing specific applications of the rules within the scope of the GDPR. The ePrivacy Regulation will specify rules for the use of:

  • Online tracking technologies
  • Citizen profiling and behavioural advertising
  • Metadata processing and brokerage, i.e. geolocation, IP address and device number
  • IoT – Smart Device communications
  • Spam marketing

Why is protecting personal privacy and the integrity of digital communication important?

The profiling and microtargeting of 87 million UK and US citizens by SCL/AIQ/Cambridge Analytica with disinformation from 2016 onwards has been cited in Parliamentary Enquiries across the world as direct evidence for the need for ePrivacy Regulation.

A vast unregulated network of data tracking technologies, profiling software and microtargeting practices has left citizens vulnerable to unsolicited digital influence. These practices leave citizens with little control over who is collecting, analysing and leveraging their personal information for commercial and political gain as they browse the internet.

ePrivacy Regulation will allow for GDPR-sized fines against firms who perform data tracking without consent, which will lead to a collapse in data tracking practices. This will help re-establish boundaries between citizens and the private and political actors who wish to influence them. It will also allow citizens to better distinguish between legitimate and illegitimate actors in the online space, and provide a fundamental safeguard to ensure that Article 7 of the Charter of Fundamental Rights of the EU is upheld.

How are regulators signalling that ePrivacy is a priority?

The German DPA has taken a major step towards enforcement on ePrivacy by announcing fines for forty large organisations who were found to be tracking visitors on their websites without appropriate consent. The German DPA audited forty “large websites” from the following industries:

(a) Online retail;
(b) Sports;
(c) Banking & insurance;
(d) Media;
(e) Automotive & electronics;
(f) Home and residential; and
(g) Other.

The investigation showed that all forty websites had non-compliant cookie practices with “tracking tools” inappropriately integrated into their sites.

The three major violations found were:

1. No Active Cookie Consent. Cookies and tracking technologies were gathering data on users before obtaining consent. The German DPA said that most of the forty websites used cookie banners to inform users about cookie usage but none of these banners resulted in active consent being obtained from the user before the cookies gathered user data.

2. No Informed Cookie Consent. Thirty of the forty cookie policies were ‘insufficiently transparent’. The German DPA defines ‘sufficiently transparent’ as: (a) individually identifying all cookies/trackers (and presumably the companies behind them); and (b) letting users know the specific purposes for which data collected by the identified cookies will be used.

3. Third Party Processing Without Consent. Most of the forty websites automatically sent data to third-party cookie providers as soon as a user visited the website.

How will the ePrivacy Regulation affect your organisation?

Organisations will have to adapt their cookie practices to adhere to the new regulation, most likely moving to an explicit and informed opt-in consent mode for advertising cookies. There will also be specific requirements in assessing the legitimacy of third party data processing and brokerage of metadata. Organisations will be required to demonstrate a higher level of due diligence/data auditing for third party data processors and have accurate records of data processing in preparation for heightened scrutiny from regulators.

Beringea Leads £6.5m Investment in Exonar Alongside Downing Ventures

Sector leading data discovery and governance platform, Exonar, a vital tool for the modern data age

London, 21st January 2019: Transatlantic venture capital investor, Beringea, has announced that it has led a £6.5m investment in Exonar, a leading data discovery and management software firm. Downing Ventures, the early stage investor, has also participated in the round alongside notable existing investors, Amadeus Capital Partners and Winton Ventures.

Enterprises are facing a fundamental change in the way they process and store information. An exponential increase in data volume means organisations must find new ways to understand the risk as well as the opportunities in their data. Driven by new regulation, cyber threats and competition, organisations who use data they hold effectively will survive and thrive.

Exonar discovers an organisation’s most sensitive, valuable and personal information. By simply plugging Exonar into a network, an instant view of all structured and unstructured data is provided, enabling the creation of inventories, security of sensitive data and regulatory compliance.

Recent research by EY found the UK’s largest firms spent over $1.1bn to comply with the EU General Data Protection Regulation (GDPR) before it came into force in May 2018, while the same research found that Fortune 500 companies had spent $7.8bn.

Data discovery technology is proving vital to businesses that can easily hold petabytes of data across their entire information estate. The significant growth of data value has led to industry analysts estimating that the global data governance software market will grow 22 per cent annually over the next five years to a value of $3.5bn by 2023. Exonar is well positioned to provide the technology needed to support this extensive growth.

Exonar was founded by Adrian Barrett, a visionary with substantial experience in data, analytics, and information security who has previously worked for Cisco and Lumeta, a global network data specialist. He is supported by an experienced management team with decades of leadership experience in global cyber security and technology companies such as BT, Fujitsu, Veritas, Symantec and EMC.

Adrian Barrett, CEO and Founder, commented: “These are exciting times for Exonar. To receive significant backing from Beringea and Downing Ventures reinforces our belief that the Exonar platform has a significant role to play in enterprise-level data discovery and management. We have a clear vision for future development and the investment will enable us to further enhance our product, enabling our customers to meet current and future data demands such as GDPR and CCPA swiftly, simply and at scale.”

“Data is the backbone of modern business. And yet, it also poses an existential risk, which has traditionally required substantial resources and investment to manage. Exonar transforms this dynamic with a platform that maps and understands petabytes of information in seconds.” Stuart Veale, Managing Partner of Beringea, commented: “Beringea has backed Exonar’s leadership and pioneering technology to create a cornerstone of data governance.”

James Lewis, Investment Director at Downing Ventures, commented: “Not a day goes by that we don’t hear about the importance of accessing and making better use of data in all our businesses – Exonar is at the forefront of shaping and solving this challenge and we’re delighted to be part of the journey with Adrian and the team.”

– ENDS –

Notes to editors

Media contacts:

Henry Philipson, Head of Communications, Beringea

Email: hphilipson@beringea.co.uk

Mobile: +44 (0)7837162546

About Exonar

Exonar is a data discovery software company based in Newbury, Berkshire. Founded in 2013 by Adrian Barrett (CEO), Exonar discovers an organisation’s most sensitive, valuable and personal information, therefore providing the answer to an all-too-common statement – “I just don’t know what I’ve got”.

By simply plugging Exonar into a network, an instant view of all structured and unstructured data is provided, enabling the creation of inventories, security of sensitive data and regulatory compliance.

For more information, please contact Exonar: Tellmemore@exonar.com

About Beringea

Beringea is a highly active growth capital investor with $715m under management and offices in the UK and US. It supports high-growth businesses with annual revenues of more than £1 million, investing between £1 million and £20 million to help companies scale.

With a successful track-record of investments spanning 30 years, Beringea has more than 60 portfolio companies across its US and UK offices. The company has a history of strong partnerships with management teams, often reinvesting in its successful entrepreneurs.

Its core areas for investment include digital media, business software and services, and consumer industries. With an extensive range of expertise across the team, and an ability for spotting and following opportunities, Beringea’s portfolio includes companies in a range of sectors, and its team continues to be at the forefront of emerging trends.

http://www.beringea.co.uk/

About Downing Ventures

Downing Ventures is an evergreen fund investing in seed to Series A companies, with the possibility of follow-on investments. It invests in a variety of technology sectors including consumer internet and mobile, enterprise software, financial technology and health technology. The fund has a portfolio of around 45 companies as of October 2018. Downing Ventures works alongside a number of investment partners, accelerator programmes and incubators, including the London Co-Investment Fund.

The Gift of Charity – Reducing Data Labour Post-GDPR

Charities are under-resourced by design; there is always more that can be done to help, yet resources are often limited.

Many operate across multiple jurisdictions, have donors from around the world, and rely on technology to connect workers to the people and processes in need of their support. With a decentralised working model and resources always feeling stretched, charities are under pressure to both optimise and protect their data.

This pressure has led to bad data practices in the past. In 2017, pre-GDPR implementation, the ICO fined 11 charities for misusing personal data. The charities in question set out to create more targeted profiles of potential donors, and shared data between themselves to create large common pools of donors. Those charities and fines were as follows:

  • The International Fund for Animal Welfare – £18,000
  • Cancer Support UK – £16,000
  • Cancer Research UK – £16,000
  • Guide Dogs for the Blind Association – £15,000
  • Macmillan Cancer Support – £14,000
  • The Royal British Legion – £12,000
  • The NSPCC – £12,000
  • Great Ormond Street Hospital Children’s Charity – £11,000
  • WWF-UK – £9,000
  • Battersea Dogs and Cats Home – £9,000
  • Oxfam – £6,000

In a post-GDPR world, the fines would’ve been higher; an eventuality nobody in the data protection industry would want to see come to fruition against any charitable organisation.

In order to prevent a repeat of 2017 in a world with higher consequences, charities are seeing data privacy and data protection both as a necessity (for GDPR compliance) and as an opportunity (taking control of your data leading to improved donor targeting and performance analytics).

However, a webinar of 300 prominent charity sector leaders, hosted by Advance in April 2018, revealed that only 5% of attending charities felt they were GDPR compliant, with 75% saying there was significantly more work to do.

So, what can the charity sector learn from industry on closing the compliance gap, whilst also not draining resources needed to provide essential services?

Organisations are turning to technology to solve the data problem, and free up their time

The latest International Association of Privacy Professionals (IAPP) and EY Information Governance report showed that:

  • Amongst companies preparing for GDPR, 57% were investing in technology in 2018, up from 27% in 2016.
  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.

Data Protection Officers spend most of their time trying to answer, ‘What data do I have? Where is it? Who has access to it? How is it secured?’ and in 2019 it’s no longer possible to be literally ‘hands-on’ with data. It’s therefore no surprise that organisations are turning to data discovery and privacy compliance technologies to ease their data burdens.

The era of the technology enabled DPO is here – what do I do?

3 simple steps for identifying and deploying technology to help you with your DPO role:

  • Discover your data – Identify which repositories, applications and platforms hold personal data and monitor those repositories
  • Define bad data practices – Define sets of rules for each area of your business processes that use personal data. Ensure those rules are configured into your technology and triggers defined for identifying bad practices/data breaches
  • Communicate findings to the organisation – Let the team know about the trends you’re finding in personal data and let the organisation know where things need to be improved or where things are going well. Communication is key for data leadership.

By protecting personal data, charities can safeguard themselves from the regulators and maintain focus on the essential service they provide. Here’s to a more secure 2019!

Trump, Brexit, Cambridge Analytica – Global Data Privacy Regulations

Privacy legislation advanced leaps and bounds in 2018 with Europe (GDPR), California (CCPA) and India (PDPB) pioneering the way for privacy protection for their citizens.

For many organisations, 2018 was the year that ‘data privacy’ became the two most cumbersome words in the professional lexicon. To comply, organisations assessed their data practices and their ability to protect citizens’ privacy rights in accordance with the new legislation. With GDPR fines of up to €20m or 4% of global turnover, 2018 was the year that businesses started taking data privacy seriously.

2018 Key Privacy Events

Europe and the GDPR – May 2018

Europe implemented the GDPR in May 2018 providing European residents the right to access and erase their personal information upon request, whilst mandating organisations to report security breaches to affected citizens.

In the UK, reporting of data breaches to the Information Commissioner’s Office (ICO) increased by 260% in the three months after May 2018 compared to the same three months in 2017; a remarkable cultural change in identifying and reporting data breaches.

The ICO also levied its first successful fine against AIQ, the Canadian data firm linked to Cambridge Analytica, before levying another fine against Cambridge Analytica itself for failing to comply with a data subject access request (SAR) from Professor David Carroll.

Key Privacy Trigger:

Cambridge Analytica, Brexit and Trump – 87 million US and UK citizens were psychologically profiled and micro targeted with political messaging and misinformation to influence the Brexit and Trump vote. There are 11 ongoing criminal enquiries into breaches of electoral law in the UK and illegal data practices are the cornerstone of those investigations. These investigations will escalate and conclude in 2019 heightening citizens’ understanding of how their privacy rights were abused.

USA and the California Consumer Privacy Act (CCPA) – July 2018

California announced the incoming CCPA which will come into effect on January 1st 2020. The CCPA provides similar rights to access and erasure as the GDPR, and also requires organisations to disclose, upon request, which third parties they buy personal data from and sell it to.

The CCPA has led to New York following suit with data privacy regulation of its own, and there are talks of federal privacy law being developed in 2019 as the complexity of state-by-state data privacy laws seems too impractical to overcome. This point was made clear after the two largest American data breaches of 2018 affected Americans across all 50 states.

  • Exactis – 340 million records breached
  • Marriott Hotels – 323 million records breached

Key Privacy Trigger: California Consumer Privacy Act and the right for Americans to sue

The CCPA provides California residents with a private right of action, allowing individuals to pursue their own lawsuits against organisations (rather than waiting for regulatory enforcement action). Individuals can exercise this right when a breach occurs due to a demonstrable lack of appropriate security controls.

In the USA, a litigious society, we can expect the individual right to sue to drive interest in data privacy rights at a quicker rate than in the build up to the GDPR, which will in turn lead to federal calls for those same data privacy rights.

India and the Personal Data Protection Bill (PDPB) – September 2018

6 months after the Indian national identity system was breached exposing the data of 1.1 billion Indians, India announced their personal data protection bill. Openly modelled on the GDPR, the PDPB gives Indian citizens rights to access, erasure and the right to report breaches to a new Indian data protection authority (DPA) that will also have the power to influence rulemaking (unlike the ICO in the UK) and levy hefty fines.

The PDPB will also include sectoral consideration vis-a-vis the CCPA, and include provisions for national security concerns similar to the Chinese data protection regulations (CDPR).

Key Privacy Trigger – Aadhaar Data Breach

In March 2018 a breach of India’s national identity database left personal and biometric information of 1.1 billion Indians exposed. The data was of sufficient detail to open bank accounts, enrol in state financial programmes and register SIM cards, sparking a nationwide debate on data privacy, national security and a 6 month turnaround to announcing the PDPB.

What to Look For in 2019

  1. Public outrage at AI’s abilities to psychologically profile and microtarget citizens in real time

The investigations into AIQ/SCL/Cambridge Analytica’s role in both Brexit and Trump campaigns will escalate through 2019. As indictments are served in relation to data crimes, the public will develop an understanding of how AI algorithms psychologically profile and microtarget them in real time.

Authoritarian regimes’ use of these data practices to suppress opposition via social media platforms will come under specific scrutiny. This will lead to a strengthening of the political movements calling for AI transparency and major regulatory reform for big tech and microtargeting data practices.

  2. Big Tech vs Regulators battle it out over US federal privacy law

The fight over details of the CCPA is ongoing and we can expect the lobbyists of Google, Amazon, Facebook and Apple to continue actively resisting tighter regulation at each opportunity. We can expect pushbacks on citizens’ rights to access data, a sparking of a conversation surrounding consent for data usage, and an attempt by journalists to reveal the network of third party data analytics firms who would be the worst violators of new data privacy laws.

  3. The first £100m GDPR fine?

It is difficult to understand the privacy impact of a data breach, especially when the number of citizens affected runs into the hundreds of millions. These are numbers too large for individuals to comprehend but the privacy impacts will be accounted for by regulators in the form of mega fines in 2019.

The maximum fine for Facebook under the GDPR is approximately $1.6bn and with investigators across the world scrutinising the data practices of multiple technology companies, 2019 could be the year of the first truly eye-watering fine.

We’re Hiring – System Integration & Support Engineer

System Integration & Support Engineer

Location: Newbury & Client Sites

Passionate about customer success? Tenacious about support? Driven to do what’s needed, not what’s easy? If the answer to these is yes then Exonar could be the perfect home for you!

We’re on the lookout for smart, motivated engineers to join our system integration and support team to help our customers achieve great things!

Our platform uses a mix of big data, machine learning and other cool tech to understand & manage information simply, instantly and at scale. It’s deployed as part of large information governance, data discovery and GDPR programmes – hence why we call it system integration and support.

You’ll be part of a small technical team working with clients. There’s a large engineering team to back you up and a client consulting team to help customers get the best out of the platform once it’s deployed.

It doesn’t matter if you’re an old hand, new to the game or looking to get away from the corporate grind – what matters to us most is your attitude.

Exonar Culture

Exonar is a fun and friendly place to work, benefitting from a start up culture and the opportunity to work with and learn from a fantastic group of colleagues. You will be working on new challenges every day and will find yourself pushing the boundaries of your knowledge and developing new skills frequently.

A huge benefit of working for Exonar is the flexibility you’ll have in developing yourself and shaping your role. You will work with a supportive and close knit team, and will have responsibility for delivering client success and the opportunity to drive the growth of the company from day one.

If you are motivated by solving complex problems with out of the box thinking, and providing solutions that deliver real results, you’ll enjoy Exonar.

Did we mention, there’s a gin club started by the CEO? Don’t be surprised, we also have:

  • Regular company BBQs and social events
  • Time for hackathons / meetups / industry events
  • Exonar university
  • Espresso Machine/Beer Fridge/Soft drinks
  • Small office on the side of the canal in picturesque Newbury
  • Anything else you want to start – poker night and standup paddle board club have been rumoured!

For more details and an initial chat, please get in touch.

Responsibilities

  • Ensuring clients get an excellent level of service!
  • Working with customers to integrate our platform into their environment.
  • Training on admin/use of the platform.
  • Helping our customers when they have a problem or need help.
  • Be proactive – e.g. monitoring, reporting, spotting issues before they get logged and looking for root cause and improvements in the platform.
  • Testing, deployment and troubleshooting of new product features.
  • Innovate and contribute to the uptake of the Exonar platform (this could be process, companion apps, scripts or training and development).
  • Take lessons and feedback from customers into the product and company processes.

Required profile, skills and experience

Proactive system integration and support will come as second nature to you and you’ll be able to demonstrate this through experience in customer facing positions.

The platform is a combination of our own hardware and software integrated as a cluster of appliances for the client. Our stack includes: CentOS; Hadoop; Postgres; Elasticsearch; and custom Java middleware. We have a container based approach (LXC) and use Puppet for software configuration.

We don’t expect you to know all of these but solid experience in Linux system administration, networking and application deployment and support is expected.

You’ll be as comfortable demonstrating new features or joining a client call as you will be checking application logs, restarting services and delving into the heart of the system to troubleshoot an issue.

You must be able to demonstrate clear and logical thinking combined with the curiosity to understand the how, what, why and when of our technology.

If this is the role for you please send your CV with a covering letter to tim.cutland@exonar.com

We’re Hiring – System Integration & Support Manager

System Integration & Support Manager

Location: Newbury & Client Sites

Passionate about customer success? Tenacious about support? Driven to do what’s needed, not what’s easy? If the answer to these is yes then Exonar could be the perfect home for you!

We’re on the lookout for a smart, motivated manager to lead our system integration and support team to help our customers achieve great things!

Over the last year we have grown our customer base and product extensively and have ambitious plans for 2019. As a result the team is relatively new so you’ll need a vision for the best customer experience and the drive to make that happen.

Our platform uses a mix of big data, machine learning and other cool tech to understand & manage information simply, instantly and at scale. It’s deployed as part of large information governance, data discovery and GDPR programmes – this is why we’ve combined support and system integration.

You’ll have a small technical team working with you but don’t panic – there’s a large engineering team to back that up and a client consulting team to help customers get the best out of the platform once it’s deployed.

It doesn’t matter if you’re an old hand, new to the game or looking to get away from the corporate grind – what matters to us most is your attitude.

Exonar Culture

Exonar is a fun and friendly place to work, benefitting from a start up culture and the opportunity to work with and learn from a fantastic group of colleagues. You will be working on new challenges every day and will find yourself pushing the boundaries of your knowledge and developing new skills frequently.

A huge benefit of working for Exonar is the flexibility you’ll have in developing yourself and shaping your role. You will work with a supportive and close knit team, and will have responsibility for delivering client success and the opportunity to drive the growth of the company from day one.

If you are motivated by solving complex problems with out of the box thinking, and providing solutions that deliver real results, you’ll enjoy Exonar.

Did we mention, there’s a gin club started by the CEO? Don’t be surprised, we also have:

  • Regular company BBQs and social events
  • Time for hackathons / meetups / industry events
  • Exonar university
  • Espresso Machine/Beer Fridge/Soft drinks
  • Small office on the side of the canal in picturesque Newbury
  • Anything else you want to start – poker night and standup paddle board club have been rumoured!

For more details and an initial chat, please get in touch.

Responsibilities

  • Lead the System Integration and Support team.
  • Own the end to end support and system integration process ensuring that clients get an excellent level of service.
  • Move the customer interaction from a fix-it to a drive-it approach.
  • Innovate and contribute to the uptake of the Exonar platform.
  • Ensure we take lessons from the frontline into product development and company processes.
  • Build up an internal / customer facing knowledge base.
  • Shift the conversation and mindset – we don’t have problems, we have customers!

Required profile, skills and experience

You’ll demonstrate experience in customer facing positions; managing service delivery, system integration and support will come as second nature to you and you’ll have:

  • A career history within the Technology/Software industry
  • Experience implementing systems and processes
  • Experience managing, coaching and growing teams
  • Working with and configuring customer facing ticketing systems.
  • Managing SLAs and KPIs
  • A Tech-Savvy approach and interests
  • Experience leading and driving support and system integration projects in a technical / product environment.

If this is the role for you please send your CV with a covering letter to tim.cutland@exonar.com

Aviate, Navigate, Communicate – Concord Compliance post-GDPR

2018 has been a horror for aviation and data breaches. British Airways, Cathay Pacific, Air Canada, Delta Airlines and Arik Air have all fallen victim to major data breaches. In the case of British Airways, a 15-day cyber attack in July compromised 244,000 credit card details. The breach sparked a criminal inquiry by the National Crime Agency (NCA) and BA now faces a maximum fine of nearly £500 million, with the Information Commissioner’s Office (ICO) investigating the incident.

Why is aviation a high risk sector?

Airlines, airports and their service providers process millions of passenger, crew and employee records, customer lists, details of business contacts and sensitive business information across hundreds of jurisdictions. The complex and international nature of aviation and the detailed nature of the personal data required to participate, often across national borders, make aviation an attractive target for attackers, and a difficult one for security professionals to defend.

How should Data Protection Officers react?

According to the Federal Aviation Agency, pilots are given the following priorities: Aviate, Navigate, Communicate. Data Protection programmes within aviation can be prioritised in the same way:

Aviate

“The top priority — always — is to aviate. That means fly the airplane by using the flight controls and flight instruments to direct the airplane’s attitude, airspeed and altitude. The instruments directly in front of the pilot provide important information on how well the pilot is doing with respect to basic aircraft control”

For a Data Protection Officer, basic aircraft control means being able to answer: ‘What data do I have? Where is it? Who has access to it? How is it secured?’. With an oversight of data, DPOs can then start to develop insight.

For that initial oversight, organisations are turning to data discovery technology as the answer. According to the 2018 EY-International Association of Privacy (IAPP) Information Governance report:

  • Amongst companies preparing for GDPR, 57% are investing in technology in 2018, up from 27% in 2016.
  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.

As the aviation industry comes under increasing scrutiny for the security of its data practices, the minimum that is expected is for those at the helm to have an accurate oversight of their data.

Navigate

Figure out where you are and where you’re going. Turn oversight into insight.

For data protection officers, navigation is about understanding where privacy risk lies, and what needs to be done to mitigate it. Is it in the sales and marketing platform with 8 million passengers? The HR department with the pilots’ files? The partnership programme with the right to work documentation?

Understanding privacy risk means understanding the context of data. To do this, DPOs need to ensure that the uses of data are legitimate, that the reasons for processing are documented, and that the processes are mapped and understood.

  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.

By mapping the business process, DPOs can develop a real, intuitive understanding of where privacy risk lies in the organisation, mapped to a business process that is described in language that the rest of the organisation can understand.

Communicate

Make sure your passengers are aware of standard safety procedures and know what to do in the event of an emergency landing.

Once you’ve mapped your data to your business processes, you can articulate expected data practices for each of those processes, allowing you to deliver tailored training for data protection for your different sets of employees.

The better the oversight and insight into the data estate by the DPO, the better communicated the messages for data protection will be.

In 2018, periodic training and manual data audits have their limits. With new solutions available, creating rules within a data discovery technology to automatically monitor for acts of non-compliance is the way to give the DPO the level of oversight and insight needed to best protect data.

For concord compliance: aviate, navigate, communicate.

John Tsopanis
Data and Privacy Director, Exonar