In my line of work, I’m afforded the opportunity to talk to privacy professionals on a daily basis. What always strikes me when I consider the daily life of a privacy pro is the challenges inherent in the work. Assessing, mitigating, and providing notification for data breaches is a large and often stressful part of the job. Beyond that critical work, however, is a long laundry list of complex, routine, and equally important privacy tasks.
When it comes to data breach response and establishing strong incident response best practices, a seasoned veteran of this profession will tell you that their workload is often concerned with work that better prepares them for an inevitable breach - things like staying on top of changing regulations, keeping informed of regulator-issued enforcements and guidance, and analyzing the privacy landscape to evaluate the areas for future research and investment.
In that vein, here are a number of privacy industry reports and regulatory updates that have the RADAR team talking this week:
- As a follow-on to recent hints from European regulators that new fines and enforcement actions under the GDPR are imminent, the Hungarian DPA issued a warning about failing to properly notify the affected individuals of a personal data breach and not having an internal data-breach management procedure in place.
- International law firm Pinsent Masons recently issued a report on the GDPR's impact on data breach notifications that touches on the risk of over- or under-notifying when it comes to data breaches: "since the General Data Protection Regulation (GDPR) took effect in May 2018, the UK's Information Commissioner's Office (ICO) has received a monthly average of 1,276 data breach notifications – 43 notifications per day."
- Here’s a consumer data breach report with a troubling finding: Data breaches cost $654 billion in 2018, 2.8 billion consumer records exposed.
- Meanwhile, we continue to see regulatory complexity in U.S. states, as legislation is proposed or has recently passed in Texas, Oregon, Maine, New Jersey, Washington, and beyond.
If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at firstname.lastname@example.org.