Although new technologies present new disruptions and unlimited application scenarios, defined policies and standards to guide their implementation and use often come very late – leading to their impetuous application. This has in the past led to serious data breaches due to the unparalleled capabilities they bestow. Although most of them come with implementation frameworks, such frameworks are initially technical and not contextualized for use in different projects. They additionally encounter fledgling and limited expertise.
European Union’s (E.U.) General Data Protection Regulation (GDPR), which took effect on May 25, 2018, exerts compliance. Noncompliant organizations could face massive fines, whether they are in the E.U. or are based elsewhere but improperly process personal data within an E.U. country. The Cookies Policy had preceded it a while ago; currently, the policy is under reviewed for implementation as an ePrivacy Regulation that will ensure confidentiality of communications. Its application will be enforced on both individuals and legal entities. Moreover, the California Consumer Privacy Act (CCPA) is a bill that enhances privacy rights and consumer protection for residents of California, United States. There are several other country and regional laws and regulations on data security and privacy.
It is common knowledge that compliance with security and privacy policies and regulations is pegged on systems development practices. Furthermore, these are aspects of system development that must be built on and not added on the systems belatedly. However, developing a secure system is a daunting task that quite often than not forces most organisations’ to develop systems while in total disregard of security and privacy of the data they store, process and publish.
Having country or regional data protection laws and regulations can subdue this problem, however, most government tend to shy away from this responsibility, consequently leaving an open hole for data privacy and security breaches. This has left personal data held in countries with no data protection laws at the mercy of system developers, owners and sometimes users. A major threat to data privacy in 2019 is AI driven malware attacks that can transform to another form when detected and that subterfuges intrusion detection systems. This kind of attack can only be addressed by having immutable systems that forestall data modification, delineate threats and guarantee data privacy.