Just this week, an international eCommerce company — one of the largest eCommerce operators in Southeast Asia — was reported to have been hacked by cybercriminals.
According to the report, the personal sensitive information and data of about 18 million of the company’s users were illegally obtained and posted on the Dark Web at a Chinese hacking forum. Sensitive information such as user names, mobile numbers, email addresses, IDs, birthdates, and mailing addresses were believed to have been compromised.
A day after the report, however, the company firmly denied that any of its customers’ information had been accessed.
Now, whether the initial report was true or not, the question of why hacking is so rampant begs to be answered. But rather than deal with the negative questions about hacking, let us deal with the positive side of the equation — why are data protection and data privacy so important?
There are two parties that benefit from data protection and data privacy.
The first party is the individual. An individual’s right to data protection and data privacy are fundamental rights protected by law. In the Philippines, we have Republic Act 10173, also known as the Data Privacy Act of 2012. In other jurisdictions, such as the European Union, there is the General Data Protection Regulation (GDPR) which came into force in May 2018.
Data protection and data privacy empower individuals to maintain control over their personal information. They allow them to decide how their data is collected, used, stored, and shared. By respecting individuals’ autonomy, data privacy ensures that personal information is not exploited without the individuals’ consent, or worse, misused.
Further, data protection and data privacy safeguard individuals’ personal information from unauthorized access, ensuring that delicate data such as social security numbers, financial records, and health information remain secure and inaccessible. By maintaining control over their personal data, individuals can mitigate the risks of identity theft, fraud, and other data usage harmful to them.
The second party benefitted by data protection and privacy are the entities that process data in the course of their business operations. Entities that display care and have a high regard for the data of their customers are more reputable and trustworthy and elicit more business from their loyal customers and the public. A company known for its diligent approach to data protection and privacy is more likely to retain current users and invite more new customers.
An entity with strong data protection and privacy safeguards not only protects individuals’ or customers’ personal data, but also the entity’s own proprietary data. The lack of these safeguards may result in considerable problems, which may damage the goodwill and reputation of the entity.
Dealing with the aftermath of a personal data breach — such as contacting individuals and other users affected by the hacking; having to potentially pay fines and damages to those whose data had been compromised — is costly and time consuming. The legal cost of hiring lawyers to defend against lawsuits is small compared to the reputational cost that may result from a data breach.
The age we are in right now — the age of digital transformation — has unlocked a lot of benefits and opportunities. It has positively impacted how we work, live and play. To be included in this ecosystem requires individuals to share and store data across multiple platforms. But data breaches are bound to occur.
We shall not be deterred but instead learn how to control and manage the risks involved. The improvement in our lives brought about by the new age shall not be negated by the malicious actions of some groups and individuals. Let us continue to be vigilant against these criminal perpetrators. And let us prioritize the protection and privacy of data in our everyday dealings.