A year in review: How 2023 shaped the future of data protection
Data breaches and privacy violations continue to climb
In 2023, we saw a significant surge in privacy-related complaints and data breaches across the globe, with estimates stating that some 217 million accounts had been compromised worldwide in the first three quarters of the year.
The Office of the Privacy Commissioner of New Zealand received 80% more privacy complaints between July 1, 2022, and June 30, 2023, and saw a 27.5% increase in the number of breaches reported compared to the previous year.
The situation is equally concerning in the UK, as revealed by the NCSC’s Annual Review 2023. The UK cybersecurity agency reported a 64% rise in cyber-attacks this year, with data exfiltration incidents up by 18.5%. The agency received 2,005 reports of cyber incidents, compared to 1,226 last year. Data exfiltration, which can cause significant damage to individuals and organizations, was involved in 327 incidents.
According to the Identity Theft Resource Center (ITRC) in the US, there were 2,116 publicly reported data breaches and leaks in the first nine months of 2023, smashing the previous annual record with three months of the year still to go.
The financial implications of these breaches are staggering. This year’s IBM Cost of a Data Breach Report states that the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over three years.
One of the most significant data breach events of 2023 was the MOVEit breach, in which more than 2,500 organizations suffered data loss after cybercriminals exploited a security vulnerability. It is likely that many organizations were unaware of the data they had hosted on the platform, and losses could have been avoided not only with proactive patch management practices but also with strict data retention and expiry periods on file sharing links and content.
The evolving legislative landscape
It is no surprise that this year has also been one of rapid development in privacy legislation and regulation globally. In an increasingly digital world, data privacy has become a paramount concern. Several countries have made significant strides in their data privacy legislation this year.
In the US, several new state laws have been passed and others came into force, including in Virginia, Colorado, Connecticut and Utah. President Biden’s State of the Union address committed to developing more stringent legislation to protect citizens’ privacy and data rights.
Canada introduced Bill C-27 to Parliament, a comprehensive piece of legislation that aims to strengthen data privacy protections for Canadian citizens, including against the potential risk of harm posed by some AI systems. Australia’s Attorney-General’s Department conducted a review of its Privacy Act, outlining 116 proposals to amend the legislation. Recently, the government released its response, committing to 38 of the recommendations and agreeing in principle to a further 68. The review and subsequent response aim to ensure that Australia’s data privacy laws remain robust and relevant in the digital age.
New Zealand has proposed the Privacy Amendment Bill, which seeks to enhance transparency in data privacy practices. Several other jurisdictions have also made notable strides in data privacy legislation. India has introduced the Data Protection Bill (DPDPB), the African Union has adopted the Malabo Convention, Saudi Arabia has enacted the Personal Data Protection Law (PDPL) and Switzerland has revised its Federal Act on Data Protection (FADP).
The rise of Artificial Intelligence
2023 has been the year artificial intelligence took the world by storm. Since the launch of OpenAI’s ChatGPT in November 2022, organizations and the public alike have embraced the technology.
The world of artificial intelligence (AI) has seen a rapid adoption of large language models (LLMs) such as ChatGPT, Bing Chat, and Google Bard. Organizations are increasingly developing internal AI and machine learning (ML) models for a wide range of applications, from customer service chatbots to financial decision-making, customer profiling, and more.
However, the speed of adoption and acceptance of these technologies has not been without its challenges. 2023 brought the first significant AI breaches, which resulted in the exposure of secret and sensitive information. Microsoft and Samsung suffered exposure of secret information, including keys, passwords and internal messages, through employee use of public AI platforms. We have also seen the first fines for data misuse and privacy violations levied against an AI company, although these were later overturned.
Privacy considerations are paramount in the use and development of AI technologies. As AI becomes more integrated into our daily lives, it is crucial to ensure that personal data is handled responsibly and securely.
Regulation is emerging to address these challenges. The EU AI Act, currently under review, was the first published regulation on artificial intelligence when it was introduced in June. South Korea published guidance for the safe use of personal information in AI, and Canada’s recently published Code of Practice provides “guardrails” for the development and use of generative AI by organizations processing personal information. The G20 has also published its declarations for digital privacy and AI regulation.
Last month, the UK’s National Cyber Security Centre (NCSC) published what is being promoted as the world’s first globally agreed guidelines for safe AI development. Developed in collaboration with industry experts and 21 other international agencies and ministries, and endorsed by 18 countries, these guidelines represent a significant step forward in ensuring the responsible and secure use of AI.
Preserving privacy in the digital age
The year 2023 has demonstrated the importance of privacy and data security in the digital age. As technology evolves, so do the threats and opportunities associated with it. Data breaches and privacy violations can have severe consequences for individuals, organizations and wider society, running far deeper than the initial incident and data loss. It is vital that we adopt proactive and preventive measures to protect data and privacy rights.