Why Cathay Pacific’s handling of its data breach deserves praise – honesty is better than silence
- Richard Harris says the aviation giant is just one of a long list of companies preyed on by hackers but it responded with greater thoroughness and transparency
- With data breaches having become the norm, making sure that leaked information is not used illegally or immorally is a collective responsibility
I do not have to act as an apologist for Cathay Pacific; goodness knows, I have paid enough money to them over the years. But look at the evidence. Your personal data is highly available – look down, your mobile number is already a global identity card.
There is a huge amount of data collected unnecessarily and for trivial reasons. By allowing Google access to your location to find you a nearby restaurant, you send your valuable location data to servers worldwide.
I went to a conference last week whose attendees were mostly much younger than I. Call me old-fashioned, but I expected in the traditional way to be able to buy a ticket at the door as well as on the internet. It took 20 minutes – of nearing the limit of my will to live – for the helpful ticket seller to insert my title, name, address, telephone number, credit card details, and inside leg measurement into the machine, checking each item with inscrutable thoroughness. I have no idea why they needed so much information but I impatiently surrendered. Could I have said no?
Cathay’s delay of seven months in revealing the loss seems excessive. Then again, within hours I received an email stating that my name, Hong Kong ID, nationality, phone number and title had been leaked – little more information than you can retrieve from this article. Others had more clone-able material stolen, like their birthday, email address and travel document number. But is speed really more important than careful investigation when the hackers can move at the speed of light? I felt peace of mind in knowing the full limit of the breach soon after the announcement.
Watch: The declining fortunes of Cathay Pacific
In 2016, I attended a panel on artificial intelligence at Harvard Business School at which the audience was spellbound at the prospect of machine learning. Classes at Harvard are noisy affairs, as knowledgeable, experienced and ego-filled as they come. But one question stilled the class for a chilling second – no one could answer if privacy meant a hill of beans any more.
Watch: China denies spying on Trump’s iPhone, suggests he get a Huawei instead
Cathay admitted their breach – how many others do not? Attacking a company for being honest makes it hard for others to admit their failures. Those successful hacks that we do hear about are the tip of the iceberg.
Once we give up our data, we give up control. Data breaches are part of the millennial age. Taking care that data is not used illegally or dishonestly is now everybody’s responsibility.
Richard Harris is chief executive of Port Shelter Investment and is a veteran investment manager, banker, writer and broadcaster and financial expert witness