Question 9: Doing the Right Thing: Cyber Security and Ag Data Concerns

Ransomware and malware attacks seem to have become commonplace. The ag industry is certainly not more immune than any other industry, as the ransomware attack on meatpacker JBS recently proved. Many people are right to worry about the security of our food supply chains and potential disruptions from cyber-crime. Is there a role for the Ag Data Transparent certification in addressing these hacking attempts?  Yes - but it’s probably not what you think.

The Ag Data Transparent (ADT) certification has always been first and foremost about data transparency. That means understanding how farmers’ data is collected, stored, shared and used by ag tech companies. The ADT certification does not mandate certain cyber-security practices for these companies because, frankly, that would be impossible. Cyber-security requires an ever-changing response as hackers continually adapt and adjust to existing security. It would be impossible to mandate a standard response to such an ever-moving target. 

However, there is a role for the ADT when it comes to data security.  The ADT’s role is to make sure that data originators and data owners know when their data has been compromised. That’s why we require companies to notify users if a breach of their data causes disclosure to an outside party. Specifically, Question 9 states: Will the tech company notify the user if a breach of data security causes disclosure of the user’s data to an outside party?

 Companies should not only notify users of a data breach when the law requires them to do so. They should notify users because it's the right thing to do. That’s why the ADT makes companies commit to notify you when your data has been breached. It’s the right thing to do.