Security News
Despite the pandemic, companies are obligated to comply with many laws governing data security and privacy, including the two most familiar to consumers - the European Union's General Data Protection Regulation and the California Consumer Privacy Act. Like GDPR before it, CCPA makes data security and regulatory compliance more of a challenge and requires businesses to create a number of new processes to fully understand what data they have stored in their networks, who has access to it, and how to protect it.
As consumers' concerns about their digital privacy continue to grow and who is responsible for guarding it remains unclear, new research conducted by Ponemon Institute reveals a lack of empowerment consumers feel when it comes to their data privacy. 60% of consumers believe government regulation should help address the privacy risks facing consumers today, of which 34% say government regulation is needed to protect personal privacy and 26% believe a hybrid option should be pursued.
CBS News and CNET Senior Producer Dan Patterson talked with Bryson Bort, founder and CEO of SCYTHE, a cybersecurity company that provides attack simulation, about privacy regulations, cities being attacked by ransomware, and whether cyber-deterrence works well. Dan Patterson: Presumably, somebody will win this election, and presumably we will have many people who are going to make determinations about regulation over the next, say, 18 to 36 months.
Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper cuts" more than than a digital apocalypse. He also shares his views on how well cyber-deterrence works.
Australia has released its promised COVID-19 contact-tracing app. Dubbed COVIDSafe, the smartphone app follows the now-established practice of asking people to register their name, age range, phone number, and postcode, and create a unique identifier.
Australia has released its promised COVID-19 contact-tracing app. Dubbed COVIDSafe, the smartphone app follows the now-established practice of asking people to register their name, age range, phone number, and postcode, and create a unique identifier.
Synthetic data is helping highly regulated companies safely use customer data to increase efficiencies or reduce operational costs, without falling under scope of stringent regulations. The GDPR does not expressly reference synthetic data, but it expressly says that it does not apply to anonymous information: according to UCL, "Information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable." Synthetic data is considered personal data which has been rendered anonymous and therefore falls outside the material scope of the GDPR. Essentially, these important global regulatory mandates do not apply to collection, storage and use of synthesized data.
MediaPRO, a leading provider of security and privacy training solutions, has announced a new partnership with BSI, the international business improvement company. The new alliance will enable BSI to offer its clients personalized privacy awareness and regulation specific training programs that can be tailored to their risk management priorities.
As organizations face having to demonstrate compliance with a broad range of regulations that have an IT and cybersecurity impact, the imperative is to adopt frameworks such as ISO 27001 and NIST 800-53, says David Ogbolumani, chief cybersecurity and privacy officer at IT Security Consultants. Tackling today's top compliance and regulatory issues;.
California Attorney General Xavier Becerra recently issued modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy. The proposed regulations clarify, for example, that businesses are not obligated to search for personal information in response to a consumer's request if certain conditions are met, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.