I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing.
Pretty much while I was having that conversation, this happened. A new record: 198m US voter records, terabytes of data. On Amazon. Unencrypted. Not even password-protected. Seriously?
Imagine the fine if that had been a UK research firm subject to the GDPR.
You can’t rely on Amazon – or Microsoft, or Rackspace, or your cloud provider of choice to keep your data secure. Unless they explicitly say that they will protect it, it’s up to you.
Read the EULA in the one-inch-square box before you sign up. It’s not even a box on AWS, it’s a link. Read it here. It’s 6,400 words. So don’t expect to have your first instance up in 5 minutes’ time.
Now read the GDPR and the PECR.
Now you know who’s responsible for what. Yes, that’s right. You. For everything.
So please at least try.