Data protection

With increasing digitalisation, ever larger amounts of data are being generated, which cybercriminals can also use for targeted purposes. cyber criminals can use for targeted purposes. Data protection is therefore of great importance. Data protection and cyber security go hand in hand, as cyber criminals can, for example, penetrate computer systems and gain access to data without security measures. Politicians should promote the intercantonal harmonisation of data protection, support targeted research programmes and define clear minimum standards for data protection technologies. At the same time, binding, risk-based information and data protection management systems are needed for data-processing organisations in order to guarantee data protection in the long term.

The challenges 

  • Data confidentiality, integrity and availability: These three cornerstones of data protection are technically and organisationally difficult to implement, especially with large data streams and multiple processing points. 

  • Control of data flows: Traceability and protection against manipulation in data processing across different organisations is currently only insufficiently guaranteed. 

  • Anonymisation and pseudonymisation: These techniques are often insufficient to ensure the confidentiality and integrity of data. 

  • Implementation of regulations: Despite a legal basis, there is a lack of uniform standards, good practice and effective monitoring. 

Recommendations for politics, business and society 

  • Inter-cantonal harmonisation: Promote uniform implementation of data protection across all cantons.  

  • Research and development: The Confederation should promote research programmes to monitor and trace data processing and flows. 

  • Minimum standards for data protection: The Federal Data Protection and Information Commissioner (FDPIC) should define and continuously maintain minimum standards and good practices for the anonymisation and pseudonymisation of data. 

  • Information and data protection management systems: Require data processing organisations to introduce a risk-based information and data protection management system. 

Through these measures, politics, business and society can jointly create the conditions for a sustainable and secure handling of data. 

Authors and subject responsibility

Umberto Annino, Microsoft | Matthias Bossardt, KPMG | Martin Leuthold, Switch | Andreas Wespi, IBM Research

Review Board

Endre Bangerter, BFH | Alain Beuchat, Banque Lombard Odier & Cie SA | | Daniel Caduff, AWS | Adolf Doerig, Doerig & Partner | Stefan Frei, ETH Zürich | Roger Halbheer, Microsoft | Katja Dörlemann, Switch | Pascal Lamia, BACS | Hannes Lubich, Verwaltungsrat und Berater | Luka Malisa, SIX Digital Exchange | Adrian Perrig, ETH Zürich | Raphael Reischuk, Zühlke Engineering AG | Ruedi Rytz, BACS | Riccardo Sibilia, VBS | Bernhard Tellenbach, armasuisse | Daniel Walther, Swatch Group Services