Disruptive Tech Week: Food for Thought on AI and Cybersecurity

A debate around Artificial Intelligence

On a panel on AI and its effects on the legal atmosphere, Maria Suarez, Partner in Privacy and Technology, Head of Management Knowledge in DA Lawyers; María José Tavalera, General Director Iberia at VMWare; and Lluis Altés, Managing Director Iberia at VMW, provided insights and thoughts based on their expertise.

The discussion revolved mainly around a variety of topics and various hypothetical questions were raised, most of them in relation to future challenges and situations involving artificial intelligence, legal aspects and its relationship with humans. Some of the questions debated during the event were the following:

How will AI transform the future of work? Similar to what happened during the industrial revolution in the XIX century, technology will transform jobs: new ones will appear and AI will become cheaper and more attainable.

Will AI make humans lazier? According to María José Tavalera, General Director Iberia at VMWare, it won’t, as it will allow us to be more creative and innovative: rather than dedicating our time on mechanic tasks, we will invest our knowledge and creativity on finding better ways to do the job and add value.

Who is responsible: the robot of the developer? It is a challenge for lawyers to advice companies with new technologies as there are a variety of issues that may arise. Consider a car that crashes with an automatic pilot. Who is held responsible? The software developer, the actual driver, the creator?

On Data Breaches & Cybersecurity

The discussion during the Cybersecurity panel centered on the availability of personal data online and the possible threats this may imply.

Cristina Sirera, Group Data Protection Advisor Corporate, Colt Technology Services; Daniel López, Partner Of Privacy and Data Protection Area; and Ecija Jesús Yáñez Partner Of Security, Risk And Compliance Area, Ecija Associate Director, DPO & IT Law, provided important insights and demonstrated how easily (and legally) data may be extracted from online sources through the use of different applications.

From a legal perspective, there are a variety of aspects that allow the retention and use of personal data for a period of time. Moreover, there is a huge amount of data available online that may be easily extracted and thus, used for other purposes.

To start with, a data breach is defined as any violation of security; a destruction, loss, accidental or unlawful alteration of personal data; it is an unauthorized disclosure of data. There are various legal measures to deal with data breaches and cybersecurity such as the GDPR, the European Regulation on Data Protection, which will be enforced as of May 25, 2018.

During the panel, we learned some facts about data breaches and cybersecurity and how can individuals and companies deal with this issue.

In an experiment conducted, approximately 30% of employees pursue actions that may be dangerous for the company in terms of cybersecurity

Are companies (and individuals) ready to deal with it?

Imagine there is a data breach in a company you work for. How should it be handled? Are there any laws to protect employees?

In 2017, only a 17% of large companies in Spain have articulated technical procedures on security breaches. In the case of a data breach, the Notification Control Authority allows 72 hours to inform about a data breach, in order to inform other countries to prevent further attacks. Newspapers are able to publish data breaches without having the responsibility to notify it, as they are in the journalism business. It is the company’s responsibility to notify the breach.

Regarding this notification, if someone inside the company notifies the breach without the consent of the company, the law protects them. There is a whistleblower protection, which does not allow the company to fire them. It is relevant that this notification is done with simple language and it includes the DPO  (Delegado de Protección de Datos), the consequences and the specific data that has been stolen. In today’s world, ignorance is not an excuse as it is the responsibility of the employees of a company to be up to date.

How are companies protecting themselves from data breaches?

25% of companies continue using Windows XP, which since 2014 it is unsupported by Windows, meaning it is an “open window” to hackers.

In an experiment conducted, approximately 30% of employees pursue actions that may be dangerous for the company in terms of cybersecurity due to ignorance. For example, finding a USB in the floor and plugging it in a computer, as it may contain a virus or other digital threats.

Another quite common negligence that leads to possible data breaches is social engineering, which is the act of collecting information online to steal identities from people inside a company and using it. This may be done with apps that are available online, for free, and legally.