Faced with the high number of cyber attacks perpetrated in 2021, the Guarantor for the protection of personal data – highlights the Report on the activity carried out in 2021, presented on Thursday 7 July to the Senate – drew the attention of public administrations and companies on the need to invest in security and provided indications, in particular, on how to defend against ransomware, software that takes an electronic device “hostage” and then “frees it” against payment of sums of money. A threat, this, which has also spread particularly in Italy.
In this regard, the number of data breach notified last year to the Guarantor by public and private entities: 2071 (with an increase of about 50% compared to 2020), many of which related to the dissemination of health data which also led to sanctions. The Authority’s interventions also concerned large social platforms such as Facebook and LinkedIn in this area. The “data breach” is a security breach that involves, accidentally or illegally, the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. A personal data breach can compromise the confidentiality, integrity or availability of personal data. A few examples? Access or acquisition of data by unauthorized third parties, the theft or loss of IT devices containing personal data, the inability to access data due to accidental causes or external attacks, viruses, malware, etc.
President Stanzione: during the lockdown of cyber attacks
“During the lockdown – confirmed the President of the Guarantor for the protection of personal data Pasquale Stanzione in his speech on the occasion of the presentation of the report – there was a significant increase in cyber attacks against (also) public bodies, chains supply and health networks, according to a trend that would inevitably be amplified with the Russian-Ukrainian conflict ”. Stanzione outlined the overall context: “According to the estimates of the World Economic Forum – he recalled – in the past year there would have been a 151% increase in ramsomware attacks: a figure that is far from marginal if we consider that each incident can cause a company loss quantifiable, according to The Ponemon Institute, in 4.24 million dollars ». A threat that affects the lives of all of us: “The most pronounced online exposure of our lives – continued Stanzione – has changed, in parallel, the same general perception of computer vulnerability: according to a study by Censis, 56.6% of Italians fear, today, of being subjected to violations of their computer security more than free access to the internet by minors (34.7%), of dependence on the web (23.7%) and of being a victim of hater (22%) ” .
The range of dossiers
Returning to the report, 2021 saw a series of interventions centered on the major issues related to the protection of people’s fundamental rights in the digital world: in particular, the ethical implications of technology; the data-driven economy; large platforms and the protection of minors; big data; artificial intelligence and the problems posed by algorithms; the scenarios traced by neuroscience; the security of systems and the protection of cyber space; the spread of facial recognition systems; monetization of personal information; the phenomena of revenge porn and sharenting. In 2021, 448 collective measures were adopted in particular (with an increase of over 56% compared to the previous year). The Authority responded to 9,184 complaints and reports concerning, among other things, marketing and telematic networks; online data from public administrations; health; IT security; the banking and financial sector; the job. The fines collected were approximately 13 million 500 thousand euros. With regard to the activity of relations with the public, over 18,700 questions were answered, which mainly concerned the obligations connected with the application of the EU Regulation, unwanted telemarketing; the public and private employment relationship; the activity of the data processors. Over 5 million and 800 thousand visits to the Authority’s website. No less relevant and intense the activity of the Guarantor at the international level, with n. 281 meetings, mostly held in virtual mode due to the Covid-19 pandemic.
Protection of minors
With regard to the online protection of minors, the supervisory action on the age of registration on social networks continued in the past year. The Authority has imposed on Tik Tok, measures to keep very young users off the platform, by removing hundreds of thousands of accounts of subscribers under the age of thirteen.