In the US, the Federal Trade Commission (“FTC”) has registered a complaint against Amazon, alleging that the security of its Ring products was such that every Amazon employee was able to access every customer video, even when it wasn’t necessary for their jobs. Employees, including some third-party contracts, were evidently able to download videos too. The complaint stems back to summer 2017 but has recently come to light, and Amazon has changed its practices to make things more secure since. Amazon is challenging the complaint, which could see a fine of $5.8 million levied if proven. You can read more about the complaint in Malwarebytes blog https://www.malwarebytes.com/blog/news/2023/06/amazons-ring-camera-used-to-spy-on-customers.
Human nature being what it is, if people can do these sorts of things, then some will. So what are the implications for all of us?
Of course we need policies and procedures in place that clearly describe our organisations approach to data protection, and the consistent behaviours we expect our staff, volunteers and others to adhere to. This needs to be underpinned with training.
However, we also need to apply access and other controls so that people cannot, deliberately or accidentally, go gainst the procedures. So next time I hear someone say “we don’t restrict access to our systems (CRM etc) as we trust everyone” I will remind them of this.
And if you are not confident that you have everything in place to protect yourselves and your colleagues, or you would like more information, you can contact us in the normal ways, use the contact form at https://zorva.info/about-us/contact-us/ or book a free 20-minute insight call at https://zorva.info/free-insight-call/