Data privacy-awareness has been a buzz word these days everywhere. Data privacy or information privacy, in simple words, is concerned with the proper handling, processing, storing, as well as using the personal data/information of the individuals, companies, etc. Data security focuses on protecting the personal data from any unauthorized third-party access, malicious attacks and/or exploitation of data.
Every industry is vulnerable to privacy and cyber security risks, the construction industry being no exception to it. In fact, the construction industry is a ripe target for attacks owing to its lucrative nature – the $10 trillion sector, which is one of the largest in the world – coupled with increasing vulnerability.
Why should construction companies be concerned about data privacy?
The statistics below speaks out loud why the construction companies should be concerned about data privacy:
A study conducted by IBM revealed that 74% of the construction-related organizations are not prepared for cyber-attacks and do not have an incident response plan in place.
The study conducted by Safety Detectives revealed that the construction industry was the third most common industry to have experience ransomware attacks in the year 2021.
The 2020 Forster survey revealed that 75% of the respondents in the construction, engineering and infrastructure industries have experienced cyber-incident in the year 2019.
Why is construction industry vulnerable to cyber security risks?
All companies are vulnerable to cyber security risks, but it is more so in case of the construction industry due to the following reasons:
The industry is highly unregulated when it comes to privacy and cyber security.
The transactions in the industry contain significant amount of personal information as well as sensitive business data, particularly financial data, which attracts the attackers.
The construction companies work with a large number of vendors, and as such each transaction may involve multiple parties, thus providing ample opportunities for the attackers to wreak havoc.
Last but not the least, in the recent years; the industry has been adopting new technologies like AI, robotics, etc. Given their interconnectivity, greater data security and privacy considerations are required.
What is GDPR?
Looking into the growing risks of cyber-attacks and increasing privacy concerns, the governments all over the world have been coming up with new and stricter data protection laws, that dictate the manner in which companies handle data and incorporate values to strive in the market. One such landmark data privacy law is the General Data Protection Regulation or the GDPR.
The General Data Protection Regulation (GDPR) is new data privacy and security law drafted and passed by the European Union (EU) that imposes a set of obligations onto organizations across the world, so far as they collect data related to people in the EU. The GDPR is the toughest privacy and security law in the world and was put into effect on May 25, 2018. Any organization violating the GDPR privacy and security standards shall be levied huge fines that may range to tens of millions of Euros.
At a time when more and more people are entrusting their personal data with cloud services, and breaches have become an everyday happening, introduction of GDPR reflects Europe’s firm stance on data privacy and security. The regulation itself is of very high standard to meet, requiring the companies to invest large sums of money to ensure they are in compliance.
The entire text of GDPR consists of 99 articles, setting out the rights of individuals and obligations imposed on the businesses that are subjected to regulations. Under GDPR, any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.
GDPR addresses and covers the following types of data:
Personally identifiable information, including names, addresses, date of birth, social security numbers
Web-based data, including user location, IP address, cookies, and RFID (Radio-frequency Identification) tags
Health (HIPAA) and genetic data
Biometric data
Racial and/or ethnic data
Political opinions
Sexual orientation
Further, GDPR contains the following rules and regulations regarding:
Data Protection
If any company processes data of any EU citizen(s), it must do so in accordance to the seven protection and accountability principles laid down by GDPR, namely: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.
Accountability
According to GDPR, the data controllers should be able to demonstrate that they are GDPR compliant. They can do this by:
Designating data protection responsibilities to their team;
Maintaining a detailed report of the data that has been collected, how the data has been used, where has it been stored, which employee(s) is(are) responsible for it, and the like;
Train the staff and implement technical and organizational security measures;
Have Data Processing Agreement contracts with third parties which processes data for the concerned company(ies)
Appoint a Data Protection Officer (though not all organizations require one)
Data Security
Companies are required to handle data securely by implementing “appropriate technical and organizational measures”. Technical measures may include anything from using two-factor authentication on accounts where personal data has been stored to end-to-end encryption of cloud platform. Similarly, organizational measures may include things like staff training, data privacy policy, limiting access to personal data to only those employees that require it, and the like.
Apart from the above, if any company faces a breach of data, it has to tell the data subject(s) within 72 hours or face penalties.
Thus, the increasing public concern over privacy on the business sector has resulted in stringent rules like the GDPR that regulate the way in which the companies use the personal data of the individuals. Now, companies in order to function in these countries need to abide by these regulations or else be subjected to heavy fines.
How does viAct ensure privacy of data?
At viAct, we understand well how important it is to maintain privacy of data, not only to keep oneself safe from penalties and fines, but also as a part of our moral responsibility. We also believe that privacy of data cannot be compromised at any cost. This is why viAct has also been very vigilant when it comes to protection and privacy of data of its clients. viAct ensures data privacy of its clients in the following ways:
We always ensure that the data that has been collected is only used for the purpose of personal safety and can only be accessed by employees who need it;
We generally mask out the human faces on the dashboard so as to ensure that the identity of the person doesn’t get revealed;
We encrypt the data with advanced machine learning technology; and
We store the data in high security cloud like AWS, thus, ensuring greater safety of clients’ data.