"Data is the new oil," hints at the worth of large information troves in computer systems, and authorities are taking that seriously, and will smack careless businesses hard around the chops if they don't do the same.

Information has always been hugely valuable, and it's in the very nature of people - and the businesses they run - to collect as much relevant data as possible.

What's different now is that it's much easier to collect data, to store it, and to access it for analysis. You can also join multiple data sets and learn things in minutes that would've taken weeks and months before IT became commonplace.

There's nothing wrong with this. It's how any organisation should reinvent itself and become more efficient and competitive.


By making use of the often large amounts of information a business has collected over the years using computers, it's possible to develop and share institutional knowledge and insights that would otherwise be hidden, or locked up with just a few staffers.

The flipside of that coin is that the data is very valuable to others outside the organisation that generated it. In fact, an organisation's data could be more valuable to outsiders than to itself, if for instance a competitor could glean knowledge about your customers and approach them directly.

That, and the fact that criminals steal personal data to abuse for high-volume electronic fraud, is nothing new. Despite that, there are serious data breaches on almost a daily basis, causing misery for people and million-dollar losses.

Most breaches are due to sheer incompetence, with the organisations that have collected the data being clueless about how to safeguard it. What else would you call it when they dump vast amounts of information into totally unprotected database servers and connect them to the internet with no access controls?

Spilling sensitive personal information that can be used and abused with no checks is downright dangerous, and the authorities have had enough.

The European Union in particular will make sure that from next year, data spills and information mishandling will really hurt.

Fines of up to 20 million euro (NZ$31.5 million) or four per cent of a company's annual worldwide turnover, whichever is the larger, are built into the new General Data Protection Regulation (GDPR) directive that'll go into effect from next year.

The fines in the GDPR are actually a compromise, as EU legislators initially wanted penalties of 100 million euro or five per cent of annual turnover.


Part of the problem here is that it's so easy to collect data, even if people do not provide it themselves. From next year, the GDPR means companies covered by the new legislation need to tell people what information they have, and how it's being used.

If an organisation stores data on individuals, it'll have to be prepared to develop the tools to notify people what information on them it has.

This will be an interesting one to watch, as giant data snafflers like Google and Facebook, which use people's personal information as a tradeable commodity, will need to comply with the GDPR.

The GDPR is arguably a good thing and well overdue. Information is power, especially when it comes to individuals, and should be treated with due respect for that reason.

If your organisation stores data, pay heed to that. Especially if you have any dealings with the EU.