As scams, hacking and data breaches become more prevalent, data protection and cybersecurity are areas that businesses increasingly need to stay on top of, especially as they adopt more apps and cloud-based solutions.
But with the rapid pace of change and business often focusing more on speed and functionality when rolling out technology, these areas are often overlooked, which can have massive implications for organisations.
This is something Simon Singh has observed a lot in his experience as CEO of Proformac Technologies:
“We've seen that small gaps in security can have significant consequences, from data breaches to compromised customer trust. This is especially critical for companies managing sensitive or personal information, as regulations around data protection become stricter globally.”
Likewise, we will often see technology rolled out by organisations without proper review of the legal terms, or appropriate consideration of security of data and systems. As well as ensuring businesses conduct due diligence on cybersecurity systems, it is just as important to ensure that the legal terms contain adequate protections around security of data and systems, especially for technology hosted in cloud-based systems.
Part of this is understanding what particular policies and standards the technology provider has implemented in relation to data protection and cybersecurity, and ensuring that they are contractually obliged to adhere to these – for example ISO / IEC 27001:2022 – Information Security Management which is the international standard for information security management. It is also crucial to ensure that any personal information will be securely stored in accordance with the organisation’s obligations under the Privacy Act.
Reviewing the legal terms is something that should be done collaboratively between those on the legal side and those on the ground implementing the technology to ensure that what is contained in the terms meets the organisation’s particular requirements in relation to security and data protection. It should also involve those on the ground undertaking appropriate technical due diligence to ensure they are comfortable that the protections will work in practice to meet particular requirements and integrate with existing systems.
As Simon notes:
“IT audits are essential, not only to assess system efficiency but to check for vulnerabilities in cybersecurity, like firewalls, network security, and insurance policies related to intellectual property. Without these checks, companies risk falling prey to attacks or losing valuable data.”
Finally, with businesses adopting more and more AI as part of their technology suite, while this sort of technology is new, the same considerations around security and data apply. It is important to ensure there are appropriate security safeguards in place both from legal and technical perspectives before any important data or personal information is used with AI technologies – if in doubt make sure that any AI technologies you do you use in your business do not access any important data or personal information.
Key takeaways:
- With the rise of scams and data breaches, businesses must focus on robust cybersecurity, especially when adopting new technologies.
- Businesses should not only evaluate cybersecurity systems but also ensure that legal terms include adequate protections for data and systems, especially for cloud-based technology.
- Legal and technical teams should work together when reviewing contracts and implementing technology to ensure the terms meet the business’s security and data protection needs.
- As businesses adopt AI technologies, they should implement the same security precautions to protect sensitive information, ensuring AI systems don’t access important or personal data without proper safeguards.
If you need advice on business technology or would like some more information, attend our Free Business Tech Seminar happening 12pm Thursday 17 October from our New Plymouth office.
About the Author:
.png)
