My work with RADAR has afforded me the opportunity to attend a number of privacy events in the past few years. Just this week I had the pleasure of attending the American Bankers Association RIsk Management Conference in Austin. This event, which covered a wide range of risk concerns for banking professionals, surfaced many conversations about breach notification requirements and the challenges facing privacy professionals.
Hot privacy topics at industry events over the years have continued to revolve around a few key points: changes in privacy regulations, organizational challenges in operationalizing privacy, and the latest fines, enforcements, and breaches hitting the news cycle. Along those lines, and influenced by the conference this week, the following breach news stories and industry reports have been on my radar:
- This was a big week for data breaches in the news. Several companies put out announcements warning the public that information had been exposed – from pizza parlors and ecommerce companies to paper pension plan records going missing or medical centers falling victim to phishing attacks, it seems that incidents impacting sensitive data can occur in every sector.
- If this week in reported breaches wasn’t enough, the Identity Theft Resource Center released its Monthly Breach Report for February 2019: 101 total breaches and approximately 2,064,279 records exposed.
- Internationally, the Hungarian Data Protection Authority imposed a fine of over EUR 34,000 for failing to notify the regulator and impacted individuals of a data breach, and for failure to document the breach according to the requirements of the GDPR. In the Philippines, the National Bureau of Investigations sued 12 people who were allegedly behind the leak of 2,411 confidential security papers that went missing from the Maritime Industry Authority.
- The BakerHostetler 5th Annual Data Security Incident Response Report was released this week, analyzing 750 data breaches from 2018. Highlights from the report include the following statistic: in 2018, 34% of the incidents that required consumer notification received inquiries by state attorneys general, compared to just 16% in 2015 — perhaps signaling the increased scrutiny we can come to expect from regulators in a post-GDPR world.
- One interesting impact on the work privacy professionals do every day is the growing public awareness of privacy concerns. As the public becomes increasingly aware of how organizations use or mishandle personal data, our industry is under increasing scrutiny. One signal of this change? The New York Times has launched The Privacy Project, a months long project to explore privacy, technology, and impacts on our society.
I will also be at the IAPP Global Privacy Summit in Washington DC this May! If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at [email protected]