• Tuesday, July 16, 2024
businessday logo


Data confidentiality and secrecy in an open society

Data breach

15. Then she said to him, “How can you say, ‘I love you,’ when you won’t confide in me? This is the third time you have made a fool of me and haven’t told me the secret of your great strength”

16. With such nagging, she prodded him day after day until he was sick to death of it.

(Judges 16:15-16, NIV)

Most of us know this story and how it ended; Samson and Delilah!

Samson was born to Manoah of Zorah, after a long wait for the fruit of the womb by his wife. Eventually, an angel appeared to her and prophesied that she would have a son. This promise didn’t come without its conditions; he is to be a Nazirite, therefore razor must never touch his head. Interestingly, Samson had been ordained to deliver the Israelites from the Philistines. Fast forward to his adulthood, Samson developed a strange interest in foreign women. In fact, he chose to get married to one of the daughters of the Philistines from Gaza. Suicidal, isn’t it?!

Delilah successfully lured Samson to divulge the secret of his powers. The rest is history, Samson lost his eyes, mission and life for that singular error. So sad, the mighty man has fallen! Sunday School is over, it’s time for main service.

Data breach and compromise is a huge concern. Several businesses require the retrieval of very sensitive information from clients to form the basis for profiling and transacting more seamlessly with them. In fact, some industries (such as health and banking) hold some of the most sensitive information of individuals. However, it is imperative for every business owner (and their team members) to maintain a high level of confidentiality. Information gathered from clients must never be divulged to third parties without due authorization. But the opposite has become a very rampant phenomenon in Nigeria, yet it seems like we don’t consider the risk involved. I was once called by a “potential fraudster (419)” who gave me some of my bank account details (date of birth linked to BVN, account name and bank name). How else would such vital information be released if not from the source? Can you read in between the lines?

There was once a terrorist attack in San Bernadino, California, which led to the death of 14 people, and 12 were left injured. The two attackers later died during a shootout with the police, and a locked iPhone device was found on one of them. The Federal Bureau of Investigation (FBI) had the challenge of unlocking the phone, which required a 4-digit password. Unfortunately, all data on the device will be eliminated after 10 failed attempts. There was no other option than for Apple to create a software that would enable the FBI to unlock the device. On the other hand, Apple out rightly declined to create the software on the ground of non-invasion of client’s privacy. A hearing was scheduled for March 22, 2018 between the Government and Apple. Luckily, the hearing was cancelled as the FBI announced that they had found a third party to assist in unlocking the phone. The Los Angeles Times later reported that the device only contained information relating to work and nothing about the plot. However controversial, that is a huge display of professionalism!

The following are tips to ensure the security of confidential information in your business:

Employee training: Often times, the relevance of keeping confidential information secure, is not diligently entrenched in the onboarding process. An intensive training must be organized for your team emphasizing the importance of confidentiality. There must be protocols for handling confidential information (this must be peculiar to your organization). On technology-related protection of relevant information, you can organize an in-house training or invite a specialist for proper orientation. This will help to build and enforce a culture of acute consciousness to sensitive information. “The only thing worse than training employees and losing them, is to not train them and keep them”- Zig Ziglar.

Also, exit interview must be conducted for employees leaving the organization reiterating the importance of upholding confidentiality. This is essential when the employee is leaving for a competing brand, where the previous firm is very vulnerable. Where applicable, the employee should be made to sign an NDA.

Control access: Chris Christie, former governor of New Jersey once said, “The first job of the president of the United States is to protect your safety and your security and the security and safety of your family.” Comic and punny, yeah? Safety and security can never be over-emphasized.

For digitally-stored information, it is very important to control access through passwords, firewalls and encryption. These passwords do not necessarily have to be shared with every member of the team, but those “who need to know”. This will further assist to streamline the investigation process, in the event of a breach. Once these team members are aware of the exclusiveness of this information, they are more likely to be prudent. Beyond passwords, visitors to the firm must be guided around the facility to avoid exposure to sensitive information. A small leak can sink a great ship, just like the Titanic capsized.

Proper disposal: Documents that are not needed anymore must be properly disposed. Most firms simply dump these documents in the trash can, where it is easily accessible by anyone who cares to examine. Rather, shredders should be used in disposing documents. However, in a situation where the documents must be retained; a separate secured cabinet can be created labelled “Confidential” and treated as such.

Divulgence of information about individuals, businesses and other third parties is strictly at their sole discretion. Even as you seek to improve your brand in 2021, ensure that your business is “trustworthy and reliable” to all parties concerned. Except expressly permitted by the individual concerned, resist the urge to “Soro Soke”.