Lack of Corporate B2B Privacy Policies is a Glaring Security Hole

Privacy policies are rarely written into contracts between businesses that handle large volumes of consumer data, and that omission is proving to be a major security lapse.

Corporate privacy policies. They are generally understood to mean the policies that companies like Uber promise to follow when protecting consumer data. However, major companies outsource work and data to other companies, and those contracts rarely contain privacy policies, leaving the data at risk.

Take the example of Netflix. It produces a great deal of content before users can watch its TV shows and movies on its website or in its many applications. Before uploading that content to its servers, Netflix sends it to other firms for subtitling, closed captioning, or dubbing. If the cybersecurity policies at any one of these third-party firms aren’t up to scratch, anyone with privileged access could plausibly steal the data. Unfortunately for Netflix, this is exactly what happened when a popular TV show was stolen by malicious hackers, who demanded a ransom from Netflix and then uploaded it to a torrenting website.

As Evan Schuman writes in Computerworld:

[M]ost B2B contracts do more to protect the confidentiality of the contract itself than the boatloads of sensitive data the contracting party is about to turn over.

He points to the example of cloud services, where contracts typically say nothing about what cloud vendors may do with the sensitive data they manage.

At a time when the FCC is rolling back privacy protections under the Trump administration, this concern is even more pronounced.

“Some municipalities are establishing their own privacy rules, but their focus is squarely on protecting their consumer citizens, not businesses,” Schuman added.

Next year, the European Union’s General Data Protection Regulation (GDPR) is set to go into effect, and companies with a presence in the EU will have to adhere to it. “Those rules may be focused on consumers, but they will immediately ripple into corporate data concerns as well,” Schuman revealed. The new regulation will directly impact companies even if they have no customers or employees in EU countries. This will affect the likes of cloud companies, which move data between server farms in locations around the world.

Notably, he revealed:

It [GDPR] focuses on protecting data for consumers, but your employees are, in the eyes of the EU, consumers. It doesn’t matter if the data involved comes directly from employers.

This forward-thinking regulation is exactly the kind that’s sorely lacking stateside.

Image credit: Pexels.