Episode 75

Published on:

16th May 2023

The Privacy Pro's Playbook To Prevent Data Breaches

Are You Ready To Prevent Data Breaches Like A Pro?

In this power-packed episode of The Privacy Pros podcast, Jamal Ahmed dives deep into the world of data privacy and provides you with actionable strategies to protect sensitive information.


  • Why data privacy is a fundamental right that cannot be compromised
  • How to maintain digital trust while fostering innovation in today's fast-paced world
  • The real impact of high-profile data breaches
  • Key lessons from recent enforcement actions
  • Practical and effective tips to prevent data breaches

Don't miss out on the invaluable insights!

Equip yourself with the Privacy Pro's playbook to safeguard data, protect privacy, and prevent breaches!

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers


Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros

Join the Privacy Pros Academy Private Facebook Group for:

  • Free LIVE Training
  • Free Easy Peasy Data Privacy Guides
  • Data Protection Updates and so much more

Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro


Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.


Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.


Hear about the latest news and developments in the world of privacy. Discover fascinating insights from leading global world privacy professionals.


And hear real stories and top tips from the people who've been where you want to get to.


We're an official IAPP training partner.


We've trained people in over 137 countries and counting.


So whether you're thinking about starting a career in data privacy or you're an experienced professional, this is the podcast for.


Privacy Technologist, and in:

Jamal 2:54

So let's dive right in, and I want to start talking about the importance of data privacy. So at its core, data privacy is about safeguarding or upholding the trust of an individual's personal information from unauthorized access, from unauthorized use, and unauthorized disclosure. So we want to make sure we protect people's information. We want to make sure we protect our information from someone who shouldn't have access to it, from someone who shouldn't be able to see it, from someone who shouldn't be able to share it with somebody else. And it's a fundamental human right. So across Europe, we can see that the right to privacy is a fundamental human right. And that plays a crucial role in maintaining digital trust when it comes to services, when it comes to protecting our rights, when it comes to protecting your freedoms, and also when it comes to fostering innovation. And in recent years, data privacy has gained even more attention due to some of those high profile incidents and the increasing amount of personal information that's being collected, that's being stored, and that's being processed by businesses and organizations. And this has led to the development of data protection regulations, such as the General Data Protection Regulation, which we all know as the GDPR across Europe, and in the US, the California Consumer Privacy Act, in the United States, and other parts of the world, you can see, have been inspired to bring in their own pieces of law as well. So in India, they've got something that's going through the process. At the moment, even in Bangladesh, they've got something going through. In Nigeria, they've got the NDPR. We can see all parts of the world are introducing data privacy laws. Even in Saudi Arabia, they've started introducing data privacy laws. Qatar has introduced data privacy laws.


So all across the world, we are seeing governments bringing in data protection laws to really make sure that people feel comfortable, that people are confident that when they are handing over the personal information, when their personal information has been collected by organizations and businesses, whether it's in the private sector or the public sector, that that information is being used in a way where that trust is being held. Because when that trust goes away, when we have data breaches, when we have violations, then it has severe consequences on individuals. It can cost them a lot, it can embarrass them, it can lead people into misery. It can really cause lots of ups and lots of problems. And that's what we want to prevent. We want to talk about some incidents that have happened, and we want to learn from those incidents today to make sure that we contribute to a much better impact on ourselves and a much better impact on society. And if you're an organization, or if you work for an organization, then hopefully you can work away some actionable tips to really help you to protect your organization's reputation and go beyond compliance, to cultivate that trust, to inspire confidence, and to really make a difference. So you too, can contribute towards making this world a much safer place when it comes to the freedoms over our personal information. Right? So why is data privacy so important? Well, first and foremost, it's about protecting our personal information from misuse or unauthorized access. Because when we allow our personal information to be misused or to be allowed to go into people's hands, that we didn't want them to, it can lead to theft, it can lead to fraud and other negative consequences.


Beyond that, data privacy is essential for building trust between individuals and the organizations they interact with online. When people trust that their personal information is being handled responsibly, they are more likely to use those digital services and share their data, which in turn fuels innovation and economic growth and prosperity. Data privacy has become a key component for corporate responsibility as businesses are expected to demonstrate that they are taking appropriate measures to protect their customers' data. A failure to do so can result in significant financial and reputational damage as well as regulatory penalties. Now, a lot of the work that we're doing at Kazient Privacy Experts right now is actually helping businesses to demonstrate to other businesses that they are protecting people's personal information. They know how to handle that in a way that is safe, in a way that keeps it secure, in a way that keeps it private. Because if they can't, then they're not winning the deals, they're not getting the larger contracts, they're not being able to do business that have those six and seven figure contracts. So what we're finding, a lot of the work that we're doing right now is helping businesses understand their roles and responsibilities and then being able to demonstrate that to other businesses so they can actually win bigger contracts and have more of an impact on the success of their business. So in summary, data privacy isn't just about protecting personal information, but it's about going beyond ticking that box so we can cultivate trust, so we can foster innovation and so that we can embed responsible business practices in the digital age with this understanding.


So with this understanding, let's now delve into some recent data privacy incidents and let's see how that has impacted people, how that has impacted society, and what the consequences of that have been. Okay, so let's move on to some privacy incidents, and I'm going to focus on the incidents that we've seen in the UK and specifically ones that have been punished or enforced by the Information Commissioner's Office, the ICO, which is the supervisory authority that we have here in the UK. So over the past few years, we've seen a number of data privacy incidents that have made headlines and sparked important discussions about the need for better protection of personal information. Let's take out some of these high profile cases and some of the lesser known ones and explore the consequences and lessons learned from them. The first incident I want to talk about is in relation to a social media platform. They experienced a massive data breach that exposed personal information of millions, millions of users and that included their names, their email addresses and their phone numbers. And that breach not only led to significant loss of user trust, but it also resulted in regulatory penalties and legal actions highlighting the importance of securing user data and being transparent about privacy practices. Another example involves a large credit reporting agency, and I'm pretty sure all of you know which one I'm talking about. They suffered a major data breach which exposed sensitive personal information as well as financial information of millions of individuals. And the consequences of this breach included financial losses, reputational damage, and also included increased regulatory scrutiny, which emphasized the need for more robust security measures and timely disclosures of breaches. There have also been some lesser known incidents.
One that wasn't publicized as much was where a small online retailer experienced a data breach that exposed the customer names, the addresses, as well as the credit card information. And although the scale of the breach was smaller than the high-profile cases, the incident had a significant impact on the company's reputation, their customer trust, and it demonstrated that data privacy is crucial for businesses of all sizes. It's not just large businesses that need to pay attention to protecting people's information. It's every business.


Think about some small businesses where you might have handed over your information and think about what would happen if that information went to the wrong hands. If someone has your phone number, your email address, your postal address, if they have your bank details, what kind of damage could that do to you? And if you trusted a business, whether it was a small business or whether it was a sole person with that information, you expect them to keep that information safe, don't you? So think about the last time you handed over information and think about what would happen if that information was to get leaked, if that information was to get sold to the wrong people, and how might someone be able to use that information to really harm you. And the reason I'm asking you to think about this is because this is exactly what happens with information that we collect when we're at work, when we're acting as a business. And therefore, if we understand those consequences and we know we don't want those consequences for ourselves, it becomes much easier. It becomes much more of a responsibility on us to make sure that when we are collecting information about people just like us in the course of our work, in the course of our lives, then we are treating that information with the utmost respect and making sure that we keep it safe and we keep it private, and we stop any unauthorized access or disclosure to that information.


bu limited. So between August:


And now this is particularly relevant because during Ramadan, we see lots of charities campaigning, trying to encourage us to give our donations to them. Everybody knows during Ramadan, Muslims will give hundreds of millions of pounds on charity. And all charities see this as especially Muslim charities, faith-based charities, and even non-faith-based charities now they see Ramadan as the time to really capitalize on those donations. And therefore, what you might notice is you're getting extra emails, extra phone calls, and extra text messages. And some of these businesses are sending us text messages, and we've never actually shared our information with them. And a few years ago, the charity run by Dr. Husna was actually doing this, and they were sending lots of text messages to individuals who had never heard of this charity or shared their information. And again, they were fined by the Information Commissioner's Office. And Ramadan is a time where we ask for charity, and when we ask people to give to charities, we are asking for that trust, that Amana, and saying, hey, trust us with your money. How can we as charities expect people to trust us with their money when they can't even trust us with their personal information? And a lot of the things I'm hearing from individuals is, hey, I don't want to give to UK charities anymore because every time I give to them, they take my phone number, they take my email address, they share it, they sell it, they spam me, they're sending me text messages. I can't even opt out of those text messages. So those text messages that you're getting that don't have an opt out, I've been getting them all month. They're actually illegal, right? And we know as Muslims, especially as faith-based charities that are representing Islam, we need to do much better.
So I'm appealing to all of the charities out there, please uphold the trust people have given to you when they've given you their phone numbers, when they've given you the email addresses, and have the respect of asking for their consent. And if you are going to message them and invite them to do good work, do it in a way that's respectful, do it in a way that earns their trust. Do it in a way where they actually want to help you to make a greater impact. Because as a charity, the work you're doing is amazing. You do the best work and the work that you do has so much reward on society and we want you to do more work, we want you to have greater impact and we want to give more money to you. But you need to make sure that you put yourselves in a position where we can trust you with our personal information.


Now let's have a look at one or two more recent enforcement actions and then we can move on. The next one we want to look at is Boiler Repair Breakdown Limited. So Boiler Repair Breakdown Limited, they were fined between 120 and 140,000 pounds by the ICO. Well, there were actually two companies. One was fined 120, one was fined 140,000 pounds, and they were making unsolicited marketing calls to people who were also registered on the TPS, trying to sell them boiler breakdown cover when people were not actually interested. And therefore the ICO came and said, hey, what you're doing is absolutely not acceptable. And here is a fine to you. So you can see most of these fines that we're talking about are in relation to some kind of marketing activity by a small or medium sized business who either didn't understand what they are allowed, not allowed to do, or they didn't care. Either way, you can see that when you get fined by the regulators, not only does it have consequences financially, it also costs you your reputation. And as business owners or as businesses, you work so hard, or we work so hard to build up a reputation, and it just takes something like a fine over something to do with the way you've been handling personal information to crumble all of that down. You're going to lose the trust of your customers, you're going to lose the trust of potential customers, and therefore it's going to make everything you do so much more difficult. And that is not the way that we succeed in business. We succeed in business by cultivating trust, inspiring confidence, and that helps you to win more customers, have a massive impact, and ultimately win-win for everyone and achieve more success.


What I want to talk about now is some of the way we can prevent these things. But before we do that, the incidents that I've described, among others, they have serious consequences for both individuals and businesses. It includes financial losses, reputational damage, regulatory penalties. They're just a few of the potential outcomes of data breaches and privacy violations. More importantly, these incidents have exposed vulnerabilities in the way personal data is managed and protected, highlighting the need for improvements in security measures, transparency, and also accountability. And as we move forward, it's essential to learn from other people's mistakes, to learn from these incidents so we can implement best practice to better protect that personal information and foster that digital environment for everyone. And essentially, we want to create a world where every woman, every man, and every child enjoys freedom over their personal information. The next thing I want to talk about is how can we actually prevent data breaches and how can we prevent some of these privacy violations from taking place to begin with? So we know prevention is always better than cure. So while it's important to understand the consequences of data breaches and privacy violations, it's equally crucial to know what we can do to prevent them. Both individuals, me and you, and organizations play a significant role in safeguarding personal information, so we can work together to ensure we create that secure digital environment. I want to discuss some of the best practices that can help mitigate the risk of data breaches and those privacy violations. So first of all, let's look at best practices for individuals. So what can I do? What can you do? And what can we do to take responsibility ourselves before we leave it up to the businesses or before we share that information with businesses? So the first thing you need to do is make sure you have strong passwords.


And when I say have strong passwords, I don't mean have one strong password that you believe is bulletproof. Because I speak to so many people who are, the one thing that they're more loyal to than anything else is that one email address and that one password they created when they signed up for a Myspace account or a Hotmail account back decades ago. If you're using the same password everywhere, you're really exposing yourself to lots of danger because it just takes you to leave, lose that one password to somebody or for one of those businesses to not protect your password. And then every single account that you have that uses that same email address and that same password is now compromised. And that's what hackers actually look for. They look to find an account where it has less security because they know lots of people use the same password in multiple places. So I can't stress to you, if all you did was have a strong password and have a different password for each account, how much safer that would make you and how much more it would tenfold how protected you are online. So that's the first thing we want to do, strong passwords. Now, someone's asked a question and is saying, what about services like LastPass? Yes, I absolutely love password managers. Now, it's true there have been attacks on these password managers. Go and do your research and find one that works for you. At the beginning, you can use something like your Google password manager. You can use password managers on your phones. Devices come with these. But if you want to take it a little bit further, maybe you have lots of different accounts, then yes, go and get a password manager. They are very low cost and there are so many different options available. You can have them for your small businesses, you can have them for your large businesses, and you can also have them for individuals. In addition to passwords, we can make 80% of a difference by just adding multifactor authentication.
It is one of the simplest yet the most effective ways to protect your information by adding that multifactor authentication wherever it is possible and available. That adds an extra layer of security, which makes it much more difficult for unauthorized individuals to access your accounts, to empty out your bank accounts, to pretend to be you, to take out loans, to take out finance, to cause damage to you, basically pretending to be you.


set to seven, eight, six, or:


So whenever we're connecting to the Internet, especially on public Wi-Fi networks, it's essential, it's essential to use a secure connection to protect your data from being intercepted. Remember, whenever you use a public Wi-Fi network, anyone can see that information. Anyone can see what you're putting in. So if you're going into a banking app, if you're going into something that's got your credentials that you need to log in, anyone could essentially see that. So what we can do if we have no choice and we want to actually use a public Wi-Fi network, is use something called a VPN. A VPN is a virtual private network. And that creates a tunnel between you or your device and the Internet. And no one can see into what's actually happening in that tunnel. So it protects anyone else from seeing what's happening when you've connected to the Internet. And those VPNs we can get for relatively low cost now as well. So I would recommend investing in a VPN. If you are someone who is out and around a lot, and you're using your mobile phone or using a laptop to connect to the Internet, and if you're a business and you have remote workers, then you absolutely must get those VPNs. Because otherwise your information is not protected. Your business is not protected, your reputation is not protected. So make sure you only allow people into your environment if they're working from home, if they're working remotely, through a secure VPN, that will keep all of your online activities private and it will help keep your connection safe too. And the third thing that we can do as individuals, and this is the one that really frustrates me the most, especially when I see my family members have software updates pending on their devices, on their laptops, on their iPhones, on whatever device they have. Make sure you update that software, make sure you have regular software updates and you keep those patches refreshed.
If we keep those devices and software up to date, it is critical in protecting personal information because those updates will often include security fixes for overcoming those unknown vulnerabilities that have been exposed. So make sure to install those updates as soon as they become available and enable those automatic updates whenever possible. So some of your devices, you can just say, yes, enable automatic updates. Now you don't even have to think about it, you don't have to schedule that in. A few years ago, it had to be that you had to stop working for an hour, 2 hours, however long it took for those updates to happen. But now you can actually have them scheduled for the times when you're not working and they're actually a lot quicker than they ever used to be. But by making sure that you accept those updates, making sure you are making the most and taking those on at the earliest opportunity, you are doing everything you can to keep yourself safe and protect against those vulnerabilities that have been identified.


Because if you're not running those software updates, if you're not running those patches, it means there's people out there that know there's a problem and they know there's a lot of people with this device that have this problem. And you become an easy victim. You become an easy target for them to try and see what they can come and get from you, what they can do with your personal information to benefit from, but at a disadvantage to you, in a way that's going to harm you, in a way that's going to empty out your bank accounts, in a way that's going to pretend to be you and cause you problems for years later down the line. I was speaking recently to somebody who had their identity stolen. So someone took their personal information and they committed identity theft with them. And this person, very capable, they'd done absolutely nothing wrong. It was actually an organization that leaked their information, but somebody was pretending to be them and taking out loans, taking out finances, taking out mortgages. And it eventually came to a point where this person had lots of CCJs against their name. In fact, they were actually blacklisted. The challenge with that is they weren't responsible for any of those things. And when they go and apply for good roles in regulated industries, everyone does a credit check, right? The employers do credit checks, employees do background checks. And every time they go for these background checks, it prevents them from getting some of those better roles because of the fact that this comes up. And when they try and explain those things, it just becomes something that no one wants to entertain. And this person has had their life impacted. Now imagine, imagine you had to leave your job or imagine for whatever reason, you wanted to apply for a new role because that's more in line with your goals, your dreams, your desires of what you want to achieve and the kind of lifestyle that you actually truly want and deserve.
But every time you applied for a role, every time you got an offer, you couldn't actually move forward because someone, somewhere has pretended to be you. Just because you didn't update your software, just because you didn't use a strong password, just because you didn't check which business you're sharing your personal information with. And that's going to haunt you for years and years and years and years. And I think in the UK, those credit files last for around seven years. So imagine having seven years where your career is stagnant, having seven years where you can't actually buy something, where you can't actually get credit because you failed to do one of those three simple things that could have protected that information for you. So let me remind you what those three things are again. Number one: strong passwords and multifactor authentication. Number two: secure connections and using a VPN. And number three: regular software updates and patches.


If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.


Remember to join the Privacy Pros Academy Facebook group, where we answer your questions.


Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.


Please leave us a four- or five-star review.


And if you'd like to appear on a future episode of our podcast, or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk


Until next time, peace be with you.


About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host



Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is to safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy" by the International Association of Privacy Professionals (IAPP).