Eliminate Your Business' Risk of a Data Breach
Stop relying on end user best practice
Virgin Media recently reported a data breach in which 900,000 personal contact details were left unsecured and accessible online for 10 months. The database included phone numbers as well as home and email addresses.
As with many data breaches, the problem came from internal mismanagement and human error, rather than a hack or cyber security data breach. The problem is that too many data protection systems rely on end user best practice. The best data privacy or cybersecurity protection in the world will be useless if an employee leaves a digital back door open.
Since discovering the issue, Virgin Media have taken steps to rectify the situation, including contacting those affected to warn them about the heightened risks they face of phishing, nuisance calls and identity theft. Although the unsecured personal details contained no high-value information, such as passwords or bank details, this is still a very embarrassing incident for the media giant.
And this problem isn’t exclusive to Virgin Media; several large companies have seen negative headlines and fines over the past two years. In fact, data legislation breaches are now being reported four times as often as they were before the GDPR became enforceable. And that number is only likely to grow.
The good news is that there are solutions that can give you the control you need over your data to turn it from a costly risk into the value-adding business asset you know it is.
A new approach to avoiding a data breach
Data is copied around an organisation every day. Consider how many times a bank will make copies of a customer’s passport, driver’s license and utility bills for their Know Your Customer (KYC) checks. Every time this information is copied at an organisation, whether via email, or distributed to external partners, a potential for a data breach is created. The more times information is copied, the more vulnerable it becomes.
At Trunomi, we have a fundamentally different approach to managing and sharing customer data. We don’t believe that you need to copy data at all. Most of the time, when you share data either internally or externally, it’s far more important to know the data exists than it is to actually reproduce the data itself.
Getting meta about your data
Let’s look at an example of a common data task: a KYC check in a bank. If a bank is performing a KYC check on an existing customer, the required information (driver’s license, passport and utility bill) will already exist in the organisation. Performing the additional KYC check simply requires knowing that the KYC has been passed, and that the information already exists. This is the difference between sharing data and sharing data about data, or metadata.
Our philosophy is that sharing metadata is almost always enough – and it’s infinitely safer and more secure than sharing the data itself. Metadata is also not bound by jurisdiction in the same way as the data itself. Sharing personal data with an external partner across the world could well be a data breach under GDPR, but sharing information about that data isn’t.
This is the basis of the Trunomi approach to securing your customers’ personal data and reducing your exposure to damaging data legislation breaches.
Doing things differently with Trunomi
Using our patented TruCert and TruIDs technology, we make it easy for users to safely and compliantly save and share information about the personal data they process.
How it works in practice
Let’s look at an example of a user agreeing to have their personal data stored for marketing purposes:
- We consider this to be an interaction, which is recorded as a TruCert.
- When a user ticks the box, GDPR decrees that companies must record when that interaction takes place and what permissions they have opted into. This is recorded in the TruCert.
- It’s also important for the company to record how the data will be used and with whom it will be shared. Again, this is recorded in the TruCert.
- Sharing information about that user’s personal data is simply a case of sharing the relevant TruCert.
This is the who, what, when, why and how of personal data. With our technology, every time an interaction is recorded around personal data, this metadata is automatically recorded as a TruCert, with each individual user being assigned a unique TruID.
This process greatly reduces a company’s exposure to data protection risks, because it reduces to an absolute minimum the number of times that personal data is reproduced. What’s more, the TruCerts and TruIDs are cryptographically hashed, and this hashing is certified to the same standard as that required by the USA’s National Security Agency (NSA).
That means both the information within a TruCert, and the individual to whom it refers, are completely imperceptible to anyone but the person for whom it’s intended. And none of the personal data in your company is processed by Trunomi.
It’s for this reason that if Virgin Media had been a customer of Trunomi, the breach of 900,000 pieces of personal data never would have happened.
View your data as an opportunity
Customer data can be either a risk or an opportunity – depending on your mindset as a company and the technology you use to support it. At Trunomi, we support businesses in making the most of the data they possess.
If you want to find out more about how Trunomi can help protect your customer data, get in touch with the team today.