How to prevent data theft
When you suffer a data breach, the speed of your response is critical to your recovery, as well as a key consideration during regulatory investigations.
Data breaches can occur in many ways: accidentally or maliciously, via third parties or your own staff, through sophisticated cyber attacks or simple human error.
Whatever their cause, the one thing most breaches have in common is that they aren’t identified until months after they occur – usually when third parties track a set of compromised data back to its source.
And by that point, it is generally too late to mitigate the damage.
The limits of data security
The GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 require data controllers and the processors that operate on their behalf to implement appropriate technical and organisational measures to secure personal data and help prevent breaches.
Most security measures focus on closing technical security vulnerabilities, identifying cyber threats and training staff to follow best practice.
However, no solution is perfect, and there is always a trade-off between availability and security. After all, for data to be 100% secure, it would be unusable even by the people who need to use it.
So what can you do if you accept the reality that data breaches are inevitable? How can you monitor and track how your data is used at all points of its lifecycle, whoever is using it?
The answer is data seeding.
What is data seeding?
Data seeding is the insertion of unique synthetic data or ‘seed records’ into databases.
It is effectively a way of watermarking your data sets so they can then be tracked and monitored, however and wherever the data is used and transferred.
So if, for example, you suffer a data breach and your data is offered for sale, you will know about it.
Data seeding works for physical mail, landlines, mobile phones and email addresses, allowing you to build a detailed picture of how your data is used.
What are the benefits of data seeding?
There are many benefits to seeding your data sets, including:
- Detection
Data seeding quickly identifies any unexpected use of your data, allowing you to react as early as possible. - Protection
Monitoring exactly how your data is used will help you better protect it – you will be able to understand the full lifecycle and evaluate any potential weak points in its processing. - Prevention
Data seeding is a powerful deterrent for criminals: declaring that you have protected your data this way significantly reduces the risk of misuse because anyone handling it knows it can be traced back to them. Seeds are unique, strengthening the audit trail and providing accurate evidence to support legal cases.
DQM GRC data seeding service
Our data seeding service is a bespoke seeding programme that fits your data and its use.
Our team will create and share unique seed records with you, which you can insert into your data sets – or we can manage the process for you.
Once the seeds are in place, we will monitor any contact made with them. If your data is stolen or misused, we can help you investigate and remediate the breach, protect your data subjects, and take action against whoever is responsible.
We will also provide you with a detailed monthly report setting out the ways your data has been used, as agreed with you.
This typically includes the channels that were used, the time and date on which the use was identified, and evidence of the use, such as an image of a marketing campaign.
Learn more about DQM GRC’s data seeding solutions >>
Author
Data Scraping: How to Use Publicly Available Personal Data Compliantly
UK government and Direct Marketing Association receive feedback on proposed reforms to data protection legislation
How to write a GDPR third-party questionnaire – with examples
About Author
