Google’s do no evil does harm in latest data breach
This just in. Too big to fail has been replaced by too big to notify. First, the news:
According to the Wall Street Journal, “A software glitch at Google gave outside developers potential access to private Google+ profile data between 2015 and March 2018 when the glitch was discovered and fixed.” The Google software glitch gave outside developers access to user profile data such as full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status.
The issue isn’t that a data breach occurred. It’s the appearance that the company buried the bad news because it could trigger regulatory interest. There’s a sense of a complete disregard for breach notification rules, as if such notifications would be bad for business. The last thing Google wants is a comparison to Facebook’s leak of user information to data firm Cambridge Analytica.
How do you manage risk in a world where even the tech giants don’t tell you when your data isn’t secure? The answer is about being comfortable in your own skin and knowing what to do when your organization experiences a data breach.
According to the Wall Street Journal, Google has taken action, from closing down Google+ to implementing new data privacy measures. Google Chief Executive, Sundar Pichai, is scheduled to appear before Congress in the coming weeks and Google’s reputation could take a hit.
But is the damage already done? Compliance Week speculates that Google’s hidden breach could be a regulatory tipping point. For any business, it’s business as usual until the new normal arrives. It means managing risk, including data privacy risk, no matter what the tech giants do.
The Google data breach is a teachable moment for all businesses. Follow your industry standard or regulation governing data protection and privacy. Develop a process for revisiting controls, policies and procedures when regulatory requirements change. In the event of a data breach, comply with the standard or regulation’s breach notification requirements.
If data privacy sounds like red tape, enlighten your perspective with the value of data and ownership rights. The treasure-trove of customer data collected helps facilitate customer engagement, informs marketing efforts, provides insights for product development and more. Access to data that belongs to each customer means your company has responsibilities; it’s up to you to protect customer privacy and responsibly handle customer data.
Learn about the constant vigilance of continuous security monitoring.
Learn about SecOps and how it protects against the challenges of cybercrime.
Learn about NIST SP 800-53 Rev. 5 and the updates it brings.