What 2020 has taught us about data protection

I won’t go on about how 2020 has been a difficult year. It has — and there are many reasons to be thankful that it’s over. However, the challenges of the sheer strangeness of 2020 have taught us many lessons, particularly when it comes to resilience — digital or otherwise.

Our digital lives are today so entwined with our real lives that it’s impossible to pull them apart. From a business perspective, that’s obvious — digital infrastructure is fundamental to day-to-day operations. But even from a personal perspective, as many of us have become islands, living in relative isolation, protecting the systems and data needed to make every day life manageable and safe has never been more important.

So, what has this weird year taught us about data protection?

We’ve learned to stop thinking about data as a homogenous blob and focus on context

Over the last 10 years it’s easy to get locked into thinking about data as if it is some kind of homogenous and singular thing. This has come in part from the optimism of those obsessed with the big data revolution, and the opportunities that data at scale can offer the world. Conversely, it’s also a legacy of a more cautious mindset, where our digital lives are one of perpetual vulnerability. It’s the viewpoint that thinks everyone’s after a piece of your data trail.

This year, however, has made it clear that the truth lies somewhere in the middle. And moreover, it highlights that it’s wrong to talk about data as a huge blob of information — instead it is layered, and contextual.

Indeed, even the same data takes on a different appearance in a new context. Think, for example, of track and trace data, used around the world to monitor the spread of Coronavirus and help people to keep themselves safe. In this instance, sharing data becomes integral to safety, and might even be viewed as a kind of care. In any other context, of course, this might seem sinister — perhaps it’s not surprising that one of the most bizarre yet widespread conspiracy theories about a vaccine is that it will insert a tracking chip into your body. It’s as if the link between data sharing and public health has been adopted and warped into something else entirely.

From both a personal and organizational perspective, this is important because it reminds us that we need to approach the way we manage, store, share, and secure data in a way that’s cognizant of context. Is this data valuable? Does it need to be easily available? Who else might I want to share it with? Who do I definitely not want to share it with? All of these questions are vital for anyone that wants to treat their data with respect.

We’ve learned the importance of managing privacy and flexibility together

This leads us on to our second point. When it comes to data protection and privacy, we need to ensure that we remain aware of the importance of flexibility.

Remote working, for example, has demonstrated this to great effect in the business environment. Yes, the huge shift in people working at home has led to some potentially sticky security risks, but it has also highlighted just how important it is to ensure that there is flexibility around how and where resources and information can be accessed.

One of the main challenges here are the large tech platforms. Although they position themselves as the gatekeepers of our data, and so should be trusted to ensure privacy, their power and status leaves us, as users, outside any sphere of influence. Whether or not this will change in the months and years to come with new data protection and antitrust legislation remains to be seen — but it is, at least, being talked about.

From a personal perspective, though, it again comes back to simply being aware of what data you produce, what data you own and need, and how it should and could be used. In other words. Understand what you have at your disposal and how you want it to connect or be available across platforms or, indeed, devices.

We’ve learned that availability is just as important as security

Security is obviously important. But it’s just as important to ensure that data is available and accessible. As we’ve seen above, it’s not enough to hide your data somewhere so clandestine that even you can’t recover it. You need to ensure that, in the case of data loss or disaster, you need to be able to quickly retrieve your data — or a backup of it — and restore it with minimal fuss.

From a business perspective this is fundamental in ensuring resilience. If something goes wrong, undermining your site or internal operations, the cost could be catastrophic. The pressures that 2020 has posed has only served to emphasise this point.

While for personal users data availability and data recovery might not have the same urgency, it’s important to note that in difficult circumstances, being able to get your machine(s) and software up and running again quickly can be hugely important. If it’s critical for your productivity and connectivity it could even be viewed as a contributing factor in your well-being. That’s an important lesson to take away as we move into the future.

You can’t underestimate just how malicious cybercriminals can be

In a difficult year, we’ve sadly learned how low cybercriminals will go in pursuit of cash. Using the chaos of the Coronavirus crisis to launch a range of different attacks on individuals and institutions (in some cases even hospitals), it has become clear that the more critical a situation, the more likely it is that someone will be out there exploiting it.

Fortunately, this can at least teach us to up our game when it comes to cyber vigilance. Attacks can come from anywhere and in a huge range of formats, so it’s essential to be on your guard. Indeed, you could even say that 2020 has proven that we need to prepare for the worst and assume that attacks and other disasters are going to happen.

If we can build on these lessons and embrace the techniques and tools needed to ensure resilience, we can at least be sure that we’ll be moving towards a future where we’re ready for anything.