What are the real consequences of data theft for those affected, and what harm does it do to them? The answer to this question is not clear-cut, since everyone assigns a different value to their data. For some people, it does not matter whether and what data is collected and what is done with it, while others try to limit the amount of data about themselves as much as possible. The latter therefore give much more weight to personal damage. The kind of data stolen also matters, and it can be systematically divided into two groups: data that can be discarded without problems, and data that remains valid for life.
Passwords and credit card information are easily replaced and cause only limited damage to victims over time. Data on health, personal orientation, or financial status cannot simply be “dumped” and can cause long-term damage. Hackers can embarrass a victim even many years after the data theft. An aggravating factor is that in many cases the victim does not know about the stolen data and so cannot protect themselves. In the case of companies, the forced release of data not only causes work and costs, but also damages the reputation.
In this case, communication with customers is fundamental, so it is extremely important for the company to prepare properly for the possibility of a data leak. This includes emergency planning, communication preparation, and clear responsibilities. In the event of a data leak, maximum transparency toward customers is usually recommended. It is important to inform them as soon as possible in order to limit the harmful effects. The key is to adopt a sober and calm communication style.
When a company suffers data theft, the question of informing customers soon arises. The company involved is in the best position to handle this communication. In fact, it is the only one that has an overview of the affected customers, as well as the type and amount of data stolen, and it can also recommend appropriate measures, including resetting the password. In this case, it is necessary to prevent unauthorized persons from accessing information about the victims.
In the past, I have already received several lists of stolen data. In these cases, an online application was made available with which Internet users could find out if they were affected. Often the origin of the data can be reconstructed a posteriori based on community responses. According to the opinion, after the origin is established, the company is obliged to inform customers and the public about the data leak.
The protection of personal data is regulated by the Federal Data Protection Act, the purpose of which is to protect the identity and fundamental rights of individuals and legal entities whose data are processed. The law distinguishes between personal data and personal data that deserve special protection. The second category includes religious, philosophical, political or trade union views and actions, health, intimacy or race, social assistance measures, and administrative and criminal proceedings or sanctions. Their processing is carried out with the express consent of the person concerned.
The Data Protection Act also duly takes into account the security aspect and establishes that personal data should be protected from any unauthorized processing by appropriate technical and organizational measures. A complete revision of the data protection law is ongoing. It is envisaged that it will include several new features of the EU's General Data Protection Regulation, the application of which is mandatory for all EU member states after a two-year transition period. The regulation therefore also applies to all Swiss companies, with or without a branch in the European Union, that offer goods or services to people in the EU (this condition is already fulfilled by offers on a website or online store), that process personal data belonging to citizens of EU member states, or that analyze the behavior of people in the EU.
Thus, the main changes introduced in the new provisions are: the right to be forgotten; data processing only with the express consent of the interested party; the right to data portability (to another service provider); the right of the data subject to be informed in case of a violation of the protection of their data; and, finally, tougher intervention in case of violation of the regulations. The latter means that the company can be fined up to 4 percent of the total global annual turnover for the previous year.