Privacy laws will go one step further

Dubai: There has been an increasing need for organisations in the Middle East to be aware of, and compliant with, the legal framework for the processing, storage and transfer of data.

This is true whether data is hosted internally on an organisation’s own servers or externally using a third-party data centre, which also includes the “cloud.”

Hussam Sidani, regional manager for Gulf at Symantec, said that there are no pan-GCC or Pan-Arabic laws governing data protection and privacy. Nor are there any specific national laws or regulators governing data protection and privacy in the UAE of the type found in jurisdictions in the European Union.

In 2015, he said that Dubai passed a bill enforcing the mandatory sharing of public and private data sets of information. One of the reasons highlighted is the role of open data in developing smart city projects — a key theme of Dubai leading up to Expo 2020.

“Organisations have to adhere to new requirements around the processing of personal data, and introduce stricter rules around compliance. This is challenging even for the most informed, and has raised concerns over complexities around new information management processes and increasing costs, but this is necessary for people to realise the true potential new technologies, such as smart cities, while putting appropriate safeguards in place to ensure personal privacy is protected, he said.

With the sheer volume of breaches in 2015, cyber insurance for businesses and individuals is “inevitable”.

Secure practices

He said that “cyber” prefixes and clauses will become commonplace and it’s likely that greater onus will be put on consumers and businesses to adopt secure practices, or risk exposure and an ‘I told you so’ from their insurers.

For businesses, he said that this will mean processes, training and education for staff. For consumers this will mean greater scrutiny of what they are sharing and with who. Nothing like getting hit in the excess to encourage secure practices.

Due to the huge volume of breaches in 2015, organisations can see the login/password system “we know today is broken and will accelerate plans to move away from this system”.

Two-factor authentication specifically that which requires not only something the real owner would know — e.g., a password — but also something that they, and only they have — e.g., their mobile phone, will become more commonplace. Despite consumers being likely to struggle with the multitudes of login combinations that widespread shifts to this method will demand. Biometrics will also start to evolve into more comprehensive, mature solutions. “Fingerprints won’t be the be all and end all however. Expect to start hearing about “ECG-based identification” and ‘vein matching’ as business starts to realise that fingerprints are fairly easy to replicate, in comparison,” he said.

With more and more features, like authentication tokens, enterprise apps, payment and other moving to the smartphone, mobile devices will be a “prime target” for attackers.

“We’re likely to see tighter controls on office app markets and concentrating on making it harder to hijack system functions,” Sidani added.