Cybersecurity: Encryption as a privacy tool
Encryption is an excellent security tool… even if it wasn’t, the UK Information Commissioner’s Office (ICO) sees it as a basic precaution, meaning that it should be on the radar of all data-handling organisations.
All security measures have their strengths and weaknesses and none supply perfect security, but with clear links between the failure to encrypt data and actions taken by the ICO, it is easy to quantify the return on investment for encryption.
With that in mind, we’ve written a brief overview of what encryption does, why it’s good for privacy and what problems it’s not going to solve.
WHAT IS ENCRYPTION?
The most basic explanation is as follows: done correctly, encrypted data is in fact not data at all. To anyone without the key, it’s incomprehensible gibberish without any value.
The reason the ICO takes action against organisations who’ve failed either to encrypt or to configure their encryption so that it works as intended is that if gibberish ends up in the public domain nobody cares… it’s not actually data.
We use encryption for privacy protection as well as security because it reduces risks to the confidentiality of the data. It’s the last line of defence when: an attacker has got past all the other layers of security; an employee has unwittingly made a mistake; or your web developer hasn’t got around to patching your server in time.
The graphic above gives an overview of some key terms about encryption.
ABOUT OUR CYBERSECURITY SERIES
Clayden Law has teamed up with technical expert Emma Osborn, and over the next few months we will provide some back-to-basics analysis of the technical, legal and data protection issues surrounding cybersecurity, aimed at organisations’ non-technical decision-makers. Together, we’ll be highlighting key cybersecurity and data privacy fundamentals and looking at the interplay between law and practice in this area.