Exactis, a US-based marketing firm you didn’t know existed, discovered earlier this year that it was storing its database of 340 million customer records on a publicly accessible server. The security firm that located the risk told WIRED it was one of the most far-reaching databases of information it had ever seen—the entirety of which was easily vulnerable to attack.
Exactis’ failure presents obvious parallels to Equifax Inc.’s 2017 breach of 143 million US customers’ Social Security Numbers and much else. Disasters like it are why Senator Elizabeth Warren is championing an Office of Cybersecurity at the US Federal Trade Commission to enforce higher data protection standards for handling consumer records.
The core principles of Senator Warren’s proposed Data Breach Prevention and Compensation Act of 2018 (DBPCA) became a reality in the European Union as of last May. For EU members it’s called the General Data Protection Regulation (GDPR)—and the LeanIX blog has reported on it from conception to reality and has hosted compliance seminars with experts such as Andreas Bosch from McKesson. But seeing how many EU companies grapple with its terms, are American enterprises likely to struggle just as much if or when their turn to comply arrives?
And more specifically, must Enterprise Architects re-think operations to prepare for whatever wave of intensified scrutiny is coming their way?