BOARDROOM BEST PRACTICES

Huawei – GDPR Corporate Governance Challenges to Businesses

The UK government’s decision to allow Huawei to be involved in the non-core parts of the UK’s 5G network poses a corporate governance challenge to UK businesses.

 

The UK government’s decision, announced on 28 January 2020, to allow Huawei to be involved in the non-core parts of the UK’s 5G network, but with a 35 per cent cap on use of the Chinese company’s equipment, poses a governance challenge to the country’s businesses.

In May 2018, the UK government passed the Data Protection Act, which is the implementation to transpose the terms of the EU’s General Data Protection Regulation (2016/679) into UK law. The Act requires businesses to take strict measures to guarantee the security of personal data that they control and process.

There is a danger, however, that Huawei could use its position as part of the UK’s 5G network to capture sensitive personal data and share it with the Chinese government. This potential for collecting data for unsanctioned uses, of course, carries political risks, but it also puts data that businesses are obligated to protect at risk.

Read our white paper to learn about the risks of using insecure email and communication tools:

The Importance of Using Secure Communications Technology in the Boardroom

Data Governance Challenges and Privacy Risks

“By providing network access to Huawei, the UK government is potentially putting data privacy at risk,” writes cybersecurity expert Carisa Nietsche.

“5G is revolutionary because it provides consumers with up to one hundred times faster connections than 4G while expanding the capacity of networks to handle many more devices. Some 5G-enabled technologies, such as autonomous vehicles or the internet of things devices, involve near-persistent data transfer, meaning a user’s device is constantly sending and receiving data from the network. As data travels from Point A to [Point] B, there is a risk that Huawei could capture this data by rerouting it through servers that allow Huawei to copy the data.”

Huawei has repeatedly insisted that it would never allow the Chinese government to use its position in the UK 5G network for espionage purposes. “We are willing to sign no-spy agreements with governments, including the UK government, to commit ourselves to making our equipment meet the no-spy, no-backdoors standard,” Huawei Chairman Liang Hua said at a recent business conference in London.

But there is evidence of large-scale hacking of data by Chinese telecommunications companies.

“On April 8th, 2010 China Telecom hijacked 15 per cent of the Internet traffic for 18 minutes; experts speculate it was a large-scale experiment for controlling the traffic flows. The incident also affected US government (‘‘.gov’’) and military (‘‘.mil’’) websites. Many other similar cases have been reported by the experts over the years.”

Businesses Must Take Action to Secure Data to Prevent Governance Challenges

There are actions that businesses can take to secure data and prevent corporate governance challenges, and these measures should be made a priority now that the additional threat from Huawei is added to the ever-increasing number of threats from hackers.

“We need to open our eyes: computers and smartphones — whether professional or personal — are, at best, sieves, at worst, data traps,” explains cybersecurity expert Marc Triboulet.

“The General Data Protection Regulation has brought this issue to the public’s attention. But how can we protect our data without penalising the business of our companies? About 80 per cent of French people have a smartphone and 52 per cent use it as their preferred means of connecting to the Internet, according to the Digital Market Barometer published by Crédoc (2018).

With the advent of 5G, almost all of our information will pass through poorly protected smartphones that are exposed to frequent vulnerabilities. The antennas and core network routers of equipment manufacturers such as Huawei form the basis of the computer networks through which all our data passes. And network equipment supplied by non-European companies will be used to protect the confidentiality of 5G data.”

With lots of board management software to choose from, here are the 5 most important questions to ask during your search.

The Importance of Security and Encrypting Data

Businesses must make use of the best techniques available to make data safe. The most important of these is .

Encryption is the process through which data is encoded so that it remains hidden from or inaccessible to unauthorised users. It helps protect private information and sensitive data and can enhance the security of communication between client apps and servers.

When your data is encrypted, even if an unauthorised person or entity gains access to it, they will not be able to read it unless they have the key – a mathematical formula. Storing the key in a secure way is also critical to keeping data safe – too many companies simply keep the key somewhere near the encrypted data, and hackers find it.

The problem is that vast amounts of data, exchanged via insecure email platforms or faulty messaging, is not encrypted.

If your board members, for example, are still using email to exchange ideas, then it’s probably vulnerable to snooping. Or simple human error can route an email with sensitive information to the wrong person.

Not long ago, Goldman Sachs mistakenly sent a sensitive email with account information to a random Gmail user because someone fumbled some keystrokes and sent the message to a “gmail.com” account instead of a “gs.com” account. The email contained such sensitive information that the only recourse Goldman had was to get a court order to require Google to retract the message.

“Every email we send is insecure by default. While Google and Yahoo have taken positive steps to encrypt traffic, the basic protocols are still all plain text, and forget about controlling the emails you compose after you hit send. While an email address routes your message to a recipient, there’s no ability to recall or encrypt messages baked into this 30-year-old standard,” warns John Ackerly, co-founder and CEO of the digital privacy company Virtru.

Diligent Governance Cloud Enables Stakeholder Engagement

Diligent, the pioneer in modern governance, provides board management software that prevents corporate governance challenges with the highest grade of security.

Diligent Corporation’s collection of innovative software suite, known as the Governance Cloud, provides portal software, secure communications through Diligent Messenger, board assessments/evaluations, entity management software and more. As a governance professional, you can make both current and historical stats available to dedicated groups or a committee, or the board as a whole.

This board management software can be used across multiple sectors, including financial services, the private sector, the public sector and charities. By ensuring the security and efficiency of confidential board information and communications, your board will perform better.

 WANT TO LEARN MORE ABOUT OUR BOARD SOFTWARE?

Learn more about the Diligent Boards board portal and discover how Diligent’s modern governance solution can empower today’s board members and company secretaries to achieve key outcomes. Request a demo today

Featured Blog