Company Data Protection - Friend or Foe?

Anna Wennakoski, , LL.M. Scholar

"There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again --." Quite a pessimistic view, one might think. Yet, even if one would refuse to undersign any such though-provoking statement as the ultimate truth, one can not totally by-pass it either. Moreover, it could even be posited that some companies might not even acknowledge that they have been victim of a data breach. For, today, in the midst of the information society we live in, the legal requirements set to data protection should – and can no longer ignored. Phenomena such as globalization, digitalization, outsourcing, fast pace employee mobility, with digital equipment, not to mention various mobile application that collect and track our living habits as well as “Bring Your Own Device” (“BYOD”) –policies, are becoming omnipresent in our daily life. Further, it has been posited that the mankind has probably never produced as much information as does today. At times, the sheer volume of data seems exhausting, not the least from an in-house counsel’s workload perspective. Nonetheless, companies typically have a need to exploit and utilize various data in their respective business and perhaps to further commercialize it too. A start-up business can even be based entirely on a business concept around (personal) data.