As we make our way into 2017, the UK has a new piece of legislation to come to grips with—The Investigatory Powers Act, also known as the ‘Snoopers’ Charter.’ This act effectively gives the UK government the power of legal mass interception and hacking—even forcing communications service providers (CSPs) to store every member of the public’s communications data and web browsing history. In short, it will give Britain perhaps the most extreme spying powers in the democratically driven developed world.
The government maintains that this is to aid in fighting terrorism. This might be true. But there are also those in the tech industry making the argument that these powers are tantamount to a massive violation of personal—and potentially intellectual—privacy.
How the heck did it get passed?
Despite criticism from almost every major technology and internet company (including Code42), the deed is done. Some say the reason for the low resistance to this act is Brexit—the UK’s plan to leave the European Union—with people too focused on that matter to put up a big enough fight. Others say that UK political party Labour, which should have been the Bill’s biggest opponent, was too busy fighting its own internal wars. Ultimately though, the general public were all looking elsewhere as the bill was passed.
A potential problem for businesses
While the political implications of the IP Act and its effect on personal privacy are yet to be fully realised, the impact will not be just limited to individuals. Businesses that store company data within the jurisdiction of the UK must also be aware of the changes to the law, and take the necessary steps to ensure company and customer data remains as secure and private as possible.
Is your data within your control?
As bleak as this situation appears, things could be worse—at least companies that store data on-premise can decide how far they are willing to aid the authorities with information requests. However, for businesses that backup and store data in an unencrypted format with a third party, this decision could easily be taken out of their hands.
For example, if an organization’s backup and recovery provider is hit with a bulk collection request under the IP Act and they decide to honor it, all of that company’s sensitive information will be passed on to the authorities in an easily accessible format. However, there is a way to ensure that the enterprise maintains sovereignty over data that is stored off-premise: encryption.
Choose your partner wisely
Businesses that choose to store data off-premise with a third-party provider must ensure that it is encrypted end-to-end, with the encryption keys remaining in the custody of the enterprise itself—something that is assured with Code42 CrashPlan. This way, in the event that a storage provider is forced to hand over the information in its possession, it will not be in an accessible format, as the encryption keys stay in the hands of the company that owns the data.
So while unwelcome, yet legal, data requests may now be a fact of life in the UK, the advantage that encryption can offer to a business is control. With Code42 CrashPlan, this control is absolute. CrashPlan offers business leaders visibility over what data is stored where. It also protects data from being disclosed without permission, and renders it useless in the event of intrusion attempts by cybercriminals and hackers. One thing you can be sure of in this vulnerable political climate? There’s no backdoor or vulnerable master key for the Code42 lock.