In addition to the personal information of 146 million Americans put at risk by the Equifax fiasco, the information of 400,000 Brits and Scots was exposed as well – a development that also astounded James Neville.
When Global Atlanta spoke with Mr. Neville over the phone on Oct. 5 he soon would be returning to London where Citizen, the company that he founded and currently heads, is based. He co-founded and serves as CEO of Citizen after having been the chief technology officer of the payment processing company Worldpay prior to its 2015 IPO.
He was in Atlanta for the Atlanta International Startup Exchange, a program begun last year in partnership with the French city of Toulouse, and expanded this year to include U.K. companies with the U.K. Department for International Trade, Invest Newcastle and Sage, the British multinational enterprise software company headquartered in Newcastle upon Tyne.
Part of the program included attending events around Atlanta Cyber Week from Oct. 2-6.
Having widened his focus on Worldpay’s customer base ranging from airline to video game companies, Mr. Neville currently is focused on individual customers. He said that Citizen wants to return the control of personal data back to the consumer, using biometrics and cryptography to ensure that their personal data is handled with the same levels of security as the companies involved in the world of payments.
His timing can only be admired for arriving in Atlanta when Atlanta-based Equifax’s data breach was receiving the closest scrutiny on Capitol Hill in Washington. From his years at Worldpay, the ability of hackers to take advantage of a flaw in Apache Struts software may not have been so surprising to him.
Yet even for a professional closely acquainted with the “Dark Web” and the extent of the hackers around the world, the amount of personal data of millions of people exposed remains startling.
It’s still too early to tell the perpetrators of the hacking, he said. And it will be difficult to conduct an investigation until there is more evidence as to what nefarious uses the information may be put to use. “Even the hackers may be surprised to the extent that they succeeded,” he added.
Somewhat reassuring for Europeans, he said, is the General Data Protection Regulation (GDPR) that is to be enforceable on May 25, 2018.
The European Union regulation intends to strengthen and unify data protection for all individuals within the EU. It also addresses the export of personal data outside of the EU and seeks to give control back to citizens and residents over their personal data.
Its passage by a number of EU institutions as far back as April of 2016 indicates the concerns that arose more than a year ago to the prevalence of hacking and the need to unify the regulations across the EU.
Under the regulation, EU citizens will have the right to request the deletion of personal information related to them, and companies will have to be able to prove that the offending data has been properly wiped away.
Among the many provisions to protect Europeans is one that would have made officials of Equifax cringe if it had been applied to the company. Breach notifications are to become mandated where a data breach is likely to “result in a risk for the rights and freedoms of individuals.”
According to the regulation, “data processors will also be required to notify their customers, the controllers, ‘without undue delay’ after first becoming aware of a data breach.
In comparison to the response at Equifax between the time the breach which occurred in May and formally announced in September, under the GDPR such breaches are to be announced within 72 hours.
In view that “timing is everything,” Mr. Neville’s arrival in Atlanta may be propitious. He underscored that Citizen’s vision is to provide “a safer, legitimate internet.”
“One where individuals control their own data, and businesses are granted deeper direct information,” his company’s website promises. “Our model is never to resell or pass on personal data without consent. To achieve this, we use cryptographic tokens, so that we cannot see or sell our customer’s data.”
In the telephone interview, he made it clear that he felt comfortable in Atlanta where he learned that 70 percent of all payment transactions in the U.S. pass through the city.
So much so, that he is contemplating opening an Atlanta office, perhaps as soon as in the second quarter of next year.
Mr. Neville may be reached by email at firstname.lastname@example.org