Data Privacy Laws | Cybersecurity Insights #12

June 12, 2019 posted by



Hello again! Josh here from Absolute. In our last episode, we saw how the digital world creates privacy challenges. In this episode, we'll look at the laws designed to protect personal data.

The most obvious place to start is with the General Data Protection Regulation (GDPR), which is fashioned as a statement of rights, including the right to rectify, the right to be forgotten, and the right to civil action.

And "rectify" simply means that when someone requests to change details of her digital self, you must find her data anywhere it could be, so that you can correct the information and comply with GDPR. The right to be forgotten is also key, allowing a person's digital identity to be purged; in legal jargon this is called the "right to erasure". Once again, we need to find it, which means we need to probe every endpoint to discover where the data is so we can remove it.

Finally, GDPR guarantees the right to sue for damages when personal data is misused or left unprotected. This is important: we have to demonstrate safeguards are active, up-to-date, and working at all times. Because it's the only way to prove your innocence and avoid a fine, which, in this case, can be up to 4% of your organization's annual revenue. Fumbling on data privacy comes with a big price tag.

What about outside of Europe? In the US, we find laws like HIPAA (for health information) and S-P and S-ID for financial records, enforced by the SEC. But no national privacy standard. In the meantime, we need to follow state laws like CCPA in California. And some have called CCPA "GDPR-lite". But that's only for the penalties. CCPA imposes more restrictions, demands faster reporting, and tighter controls than GDPR. So if it's true as they say, "As California goes, so goes the country", then we can expect the US to end up with more stringent standards than the European Union.

And then, we come to PIPEDA, Canada's newly refreshed hammer for privacy. Not only is reporting unauthorized access required (like GDPR), but also if safeguards have been broken (like antivirus, encryption, security agents), regardless if the attacker was successful. Wait! You have to prove your security posture was airtight when the incident happened, not just when data was stolen? Yeah, that's what we're saying!

Data Privacy is today's greatest challenge for IT and security teams, and with 35% of sensitive data out-of-sight on endpoints, there's never been a stronger need for persistent endpoint visibility and control.

Next time we'll go into specific steps you can take to ensure data remains private. Be sure to subscribe and drop your comments below. I'll see you then.


3 Replies to “Data Privacy Laws | Cybersecurity Insights #12”

  1. Sarah B. says:

    Thanks for the video! Brief and informative. I like that 🙂

  2. Frank Barone says:

    "It's not that I have anything to hide, I just don't have anything I want you to see". BE SAFE PEOPLE. Never reveal your identity to anyone or anything online. Never use your real name on Facebook or Google. Always use prepaid credit cards purchased with cash if you need to buy anything online. Never fill out DMV forms, medical or car insurance, job applications or anything online. Read all privacy statements and terms of use before doing any business with anyone. Never let yourself be photographed and tagged with your real name. Privacy is fleeting. The more you give in, the fewer freedoms you'll have. Fight for your constitutional rights to travel freely without having to pay anything for "Real ID", driver's license etc. Millions of gallons of blood were spilled for your freedom, don't let it slip away!

  3. TRAVISTEN COM says:

    #TRAVISTEN #TRADERLIFE
