On January 28, the whole world celebrates Data Privacy Day, a topic that becomes more and more relevant as technology enters our everyday lives. That's why Data Privacy is part of Parimatch Tech's Customer's Protecting&Care direction, which we are developing in line with a Sustainable Development strategy. For Data Privacy Day, we have asked our Chief Information Officer, Andrey Chygarkin, about measures we are taking and will continue to take to protect our users' data.
What security measures are taken across the company?
Parimatch Tech has been addressing security considerations systemically for a long time, which is why there are numerous methods and mechanics that we use to ensure security. This is a broad issue, and it cannot be covered with a short answer. Let’s put it this way: we manage security strategy by focusing on the risks associated with access, data security, product security, network security, employee security and supply chain threats. We have a remarkable team of over 1,000 tech experts, developers, and analysts working from different corners of the world in Parimatch Tech’s R&D centres, and their work helps us keep the Parimatch platform safe and prepared to fight attempts on our digital security.
What developments are you looking forward to following in 2022? How important is it to your company to follow these?
We have quite an extensive strategy on IT and information security. Parimatch Tech’s priorities include ensuring employee security when working remotely, data security, and product security. We will also pay extra attention to vendor management and supply chain cyber attacks.
How does your work with data privacy issues apply in each region/country that you operate in? Do you follow the same principles in each, or does it differ?
It’s crucial. Security is one of the main strategic priorities for the company's growth, and we are glad that both the management and our partners see it as a critical element of Parimatch Tech operations.
We try to use a unified approach to ensuring data security with the same level of rigidity, regardless of the clients’ country of origin - our product features a plethora of tech solutions that allow us to adapt to the needs of clients in different regions very efficiently. Of course, we consider local legislation and local regulations, and follow the laws in each individual region. However, IT and information security management practices are centralized and the same for everyone.
Is there anything that has surprised you about the changes and development of data privacy over the past 5 years?
To be honest, nothing has surprised me. On the contrary, we see a growing focus on privacy concerns, more and more people are paying attention to this issue. This area is getting more regulated, there are many formal requirements that need to be followed.
Also, the trend for comprehensive control and management of your personal data is seen clearly. Privacy breaches are not uncommon, and it can be a challenge to guarantee the security of personal data when people share this data with many sources themselves. Proving that the breach wasn’t related to your platform is tough when you know numerous cases of your clients sharing this data themselves through different, less secure channels. So, I believe that the trend for educating the public about data safety and security will continue in the future.
Do you have any plans for investment or focus within this area this year?
If the question is about investing in the security of personal data — the answer is yes. The internal strategy involves further upgrading the protocols of working with personal data, as well as the mechanics to limit access and prevent breaches.
What are the rising threats in data privacy that may appear or become major in the coming years? How should companies react to them and prepare?
Once again, it’s all about the breaches. The first vector is information hacking, when hackers get some personal data on clients or employees. The means to obtain it are getting more creative every day, so we need to stay sharp to counter these threats.
The second vector, the most popular one, is getting information from an insider when a person abuses his work power and gets some data to share or sell it. This isn’t new, there are no fundamentally new risks.
Parimatch Tech works with both of the above-mentioned directions. It makes sense to pay more attention to the first scenario, because of the increasing number of technical opportunities hackers can utilise. One of the challenges we thought about was switching to a remote or hybrid mode of working. It gets more difficult to monitor the activities of employees, so building trust and educating people on data security is key.
Is data privacy a one-way street, and the responsibility for keeping user data safe lies solely on the shoulders of the companies, or should the users keep something in mind to keep their data safe, too?
I would say that the client is equally responsible for personal data protection. As I mentioned earlier, there is no culture of not sharing your personal data nowadays. People may sign up in an online shop, which doesn’t care much about data protection, and leave their personal data there. In our case, the most popular scenario is a weak password of the user - for their mailbox, or personal account, or our platform. In this case, a hacker can crack this password and access the account without much trouble. This leads to the breach of personal data. It is the case of equal responsibility with a strong focus on the user. After all, the company’s effort and investments into security infrastructure can be undermined by the user who shares their personal data with this hypothetical online shop with weak security protection policies. The worst thing about this is that oftentimes there is nothing the companies can do about this.
To make up for that, Parimatch Tech constantly develops and launches education programs for our teams. Our tech experts cover access management, data security, hands-on security, incident and risk management, social engineering, to name a few directions we work with. The programs are kept up-to-date and are mandatory to complete for every new member of Parimatch Tech.
What are the most common misconceptions people have about data privacy, where do these misconceptions come from, and how do companies need to address them?
One of the misconceptions is about relying solely on the company; it’s important for the users to treat their personal data seriously, too.
It seems that each year the number of data leaks and privacy breaches keeps growing. Is it true that privacy issues are more common, or are these cases just more public now? If they are more common, what is the reason behind it? After all, there are a ton of measures taken by the companies to protect the data.
Indeed, the number of breaches is increasing. I think that one of the points of concern is the fact that the data being leaked is not unique. People log in to Facebook, LinkedIn, Twitter and other social platforms, and share the same info with numerous sources even without knowing it. Yes, the numbers are huge, but there are also intersections in databases and the information that is stored there. On the other hand, personal data, from a business point of view, is confidential. If a company possesses the information on a competitor’s client database, it may take advantage of this. From this perspective, business creates demand for this data. Some businesses buy this data and use it, and doing so contributes to this data availability in the market.
Also, in terms of risks, this may be one of the opportunities to blackmail the company. For example, in terms of GDPR, the company incurs financial losses in case of violation of the regulations on data privacy. Again, this may be a weapon in competitive battle. These mechanisms can also be used to damage a company’s reputation.
Privacy is a trending topic and can be used for both good and bad. I think that the trend for information leaks will continue to grow, sadly. If small companies are not concerned about privacy, their databases can be leaked. On the other hand, giants like Meta, Google and Apple can profit from marketing and advertising using personal data. Personalized approach, understanding people’s interests and preferences allows profiling more clearly and using ads in business more efficiently. I think that the trend will continue to grow to meet the demand.