Tag: Legislation

Implications of the California Consumer Privacy Act of 2018

It’s no secret: consumers are increasingly mindful of who is accessing, collecting, receiving, storing and otherwise processing their personal data. In an effort to standardize data protection requirements across the European Union and improve trust in the rapidly expanding digital economy, the European Parliament and Council introduced the General Data Protection Regulation (GDPR), which went into effect this past spring.

The GDPR is effectively changing the way business is conducted around the world, with massive implications for global ecommerce. And we’re now seeing the push for data protection in the United States with the adoption of the California Consumer Privacy Act of 2018 (CCPA).

Read more about the CCPA and its implications on Help Net Security.

Global information security spending to exceed $124 billion in 2019

Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner. In 2019, the market is forecast to grow 8.7 percent to $124 billion.

“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Siddharth Deshpande, research director at Gartner. “Persisting skills shortages and regulatory changes like the GDPR are driving continued growth in the security services market.”

Read more about the predicted rise in security spending, and the drivers for it, on Help Net Security.

California Consumer Privacy Act: What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, but in certain respects it goes even farther.

The California Consumer Privacy Act takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.

Read more about California’s new privacy law, AB 375, and learn how to be compliant on CSO.

Businesses collect more data than they can handle, only half know where sensitive data is stored

With pressure to ensure consumer data is protected mounting, Gemalto today released the results of a global study which reveals that 65% of companies are unable to analyze all the data they collect and only 54% know where all of their sensitive data is stored. Compounding this uncertainty, 68% of organizations admit they don’t carry out all the procedures in line with data protection laws such as GDPR.

These are just some of the findings of the fifth-annual Data Security Confidence Index, which surveyed 1,050 IT decision makers and 10,500 consumers worldwide.

Read more about the findings of the fifth-annual Data Security Confidence Index on Help Net Security.

A Seismic Shift: What California’s New Privacy Law Means for Cybersecurity

The enactment of the California Consumer Privacy Act of 2018 (CCPA) on June 28 is the latest in a series of new laws and regulations around the world that represent a fundamental shift from the reactionary approach to security governance we’ve followed since the 1980s.

Starting with the European Union’s General Data Protection Regulation (GDPR) and continuing with New York’s Department of Financial Services (NY DFS) cybersecurity regulations, privacy and security are now inextricably linked in the U.S.

Read on Security Magazine how the CCPA, GDPR and the NY DFS regulations are driving a change in how businesses approach cybersecurity, thanks to similar language found in all three policies: the duty to implement and maintain reasonable security procedures and practices.

NSA deleting millions of phone call and text records over privacy violations

“Technical irregularities” have the NSA scrambling to delete millions upon millions of phone and text message data records the agency should never have obtained under the USA Freedom Act.

While The New York Times reported the number of call detail records (CDR) the NSA was deleting was in “hundreds of millions,” the Associated Press clocked the number at “more than 685 million call records.” If that number is correct, then it came from the 534 million records the NSA collected in 2017 as well as the 151 million records collected in 2016, which was the first full year after the USA Freedom Act surveillance rules kicked in.

Read more about why the NSA has started deleting all call detail records acquired since 2015, something it has admitted in a public statement, on CSO.

European Union prepares to wreck internet with new copyright law

The internet is a bastion of free speech. You can say whatever you want about anything on any site that allows comments and post any content you like on sites that allow you to share music, code, words, video, and so on. That may be changing. The European Union (EU) Article 13 was just passed by the EU’s Legal Affairs (JURI) Committee. If it makes it into law, freedom of speech on the net will be gagged.

Under Article 13, instead of letting you be free to say whatever you want or share whatever content you desire, every website has to check your every word, sound, video, programming code, image, or video to see if it’s a copyright violation. In short, everything.

Read more about EU Article 13 which, if it makes it into law, will force all websites to check any and all posts for copyright violations, on ZDNet.

92 million MyHeritage email addresses found on private server

On Monday, MyHeritage, an online genealogy platform, announced that more than 90 million of their users had email addresses and hashed passwords compromised, after a researcher discovered a file being hosted on a private server. MyHeritage confirmed that the contents of the file originated from the company.

While the other systems, such as those that manage payments, genealogy, and DNA were not compromised, the company has hired an outside firm to determine the full scope of the breach. Also, following GDPR requirements, MyHeritage alerted the public to the incident the same day they were told about it, and said they’re taking steps to inform relevant authorities.

Read more about the MyHeritage data breach, which could be seen as the first major post-GDPR data breach, on CSO.

The emergence and impact of the Data Protection Officer

One of the lesser known mandates of the General Data Protection Regulation (GDPR) is the creation of a completely new role: The Data Protection Officer (DPO). If you haven’t heard of this before, it’s time to pay attention.

This new role is responsible for many critical areas relating to the anonymization and the preservation of personal information collected by a company. The DPO acts as the architect of the procedures by which personal information is collected, processed and stored within the IT infrastructure; ultimately, promoting the adherence to GDPR requirements. And while this may sound straightforward, the intricacies of the position are magnified when you consider the widespread impact of cyber-attacks and data breaches.

Read more about the emergence of the Data Protection Officer and what experts predict for the future of compliance on Help Net Security.

GDPR vs. ePrivacy: The 3 differences you need to know

After months of waiting, the EU’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and user inboxes were flooded with emails alerting them of changes to company privacy policies. However, even though the world has (mostly) accepted GDPR and kept moving forward, that isn’t the end of EU privacy regulations for the tech industry.

On the heels of GDPR comes the ePrivacy regulation, a separate regulation that focuses on ensuring individual privacy as it relates to electronic communications. While the final draft of the ePrivacy regulation didn’t make it out in time to release with GDPR, it is in the works and expected to release soon. As such, it is important that companies understand the different ways in which the GDPR and ePrivacy regulations will affect their business.

Read about the three differences that business leaders and professionals need to know on TechRepublic.