Tatyana Isakova about contradictions in working with personal data

Changes in working with personal data are taking place around the world: companies, including market leaders, are attracting more specialized experts and expanding the range of services they can offer clients with their help. However, fear of risks increasingly stands in the way of progress.

Thus, the Mozilla Foundation (the organization that maintains the Firefox browser) last weekend suddenly broke off cooperation with the personal data protection service Onerep (monitors the distribution and attempts to sell user data and allows you to automatically send requests to delete information to resource owners), which was integrated into the browser only in February. stating that the activities of Onerep’s CEO “do not coincide with the company’s values.”

The fact is that recently American journalist Brian Krebs published an article where he revealed other projects of the creator and head of Onerep Dmitry Shelest: it turned out that in the past he was involved in systems for collecting and selling personal data, some of them still exist.

It turns out that the experience of such specialists as Dmitry Shelest is needed by international companies, but it also hinders cooperation with them. Similar situations have already occurred in Russia. According to my interlocutors in the cybersecurity market, not all companies are ready to work with “the founders of data leak detection services or darknet specialists”: the fears are related to the “gray zone” of their activities and fear for their own data.

One of the market participants explains that large ecosystems always put forward requirements for partners regarding the cybersecurity of products for integration. However, negative circumstances associated with the past activities of a partner’s employees are “quite difficult to identify,” he admits: “If a partner pays insufficient attention to personnel security, reputational risks can affect all participants in the information exchange.”

It turns out that large companies need the experience of specialists who worked in the shadow market, but this same factor creates risks for them. Meanwhile, the State Duma is currently discussing, on the one hand, a bill to tighten liability for data leaks, and on the other, to legalize the work of “white hat hackers,” who represent the quintessential problem of attracting specialists with dubious experience.

If the contradiction remains unresolved, the development of technologies for working with data and protecting it may stall. After all, if large customers refuse projects with specialists in “shadow resources,” then investors will stop investing in them.