On Our Radar: April 5, 2019
In my role at RADAR, I have the distinct pleasure of working directly with our customers, learning about the challenges they face and the success they find in building a strong culture of compliance within their organizations.
One thing I hear from privacy champions across industries and from companies large and small is that privacy is an evolving beast. Regulations are constantly being introduced or amended. New technology threat vectors are emerging every day. The proliferation of data in the way we do business – and the continued need to be thoughtful stewards of this data – is never going away.
In a way, this work demands that privacy professionals be lifelong learners: researching proposed laws, keeping track of the latest data breaches and sources, and staying informed of the technologies that can help or hinder their work in privacy. Staying sharp and remaining curious are critical qualities in any privacy professional.
In that spirit, here are some of the recent stories we are reading, in an effort to keep up with our fellow privacy professionals.
- This week, global law firm Hunton Andrews Kurth announced a partnered report with the U.S. Chamber of Commerce that proposes a framework for effective data breach notification legislation across the globe. Privacy professionals will particularly identify with this quote from the report: “From a global perspective, there is a cacophony of data breach notification rules that vary based on geography and industry sector. The requirements form a patchwork quilt of obligations that are not uniform even when applied to the same incident.” Read the report here.
- This article in Medill Reports Chicago has some interesting ways of displaying data around the biggest data breaches in recent years, including the duration of the incidents and how delayed notification was to impacted individuals. We’ve noticed a trend in changing data breach notification regulations: notification timelines are becoming increasingly specific. John Reed Stark, independent cybersecurity consultant and former chief of the SEC’s Office of Internet Enforcement, said, “It’s important to have the latest tools and technology because the threat is evolving. It’s even more important to have the proper governance and proper response framework in place.”
- This article gives an interesting insider look at how hospital physicians are being trained to provide care in the event of a ransomware attack. Avoiding ransomware and other similar spear phishing attacks is top of mind among healthcare providers, one of the biggest targets for this kind of attack.
- Privacy cybersecurity provider Carbon Black released its first Singapore threat report. In a survey of over 250 individuals, “92 per cent of the organisations surveyed had seen an increase in attack volumes, and 95 per cent of the breaches were getting more sophisticated.”
- Congresswoman DelBene, representing Washington State’s 1st district, introduced last week The Information Transparency and Personal Data Control Act, which “allows the FTC to fine companies who are in violation of federal privacy regulations on their first offense. Currently, companies can only be fined for their second violation of an FTC enforced rule.” It also expressly doesn’t preempt state data breach notification laws, which has been a sticking point for these continuing conversations around a federal privacy regulation in the past.
If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at [email protected]