One of my clients recently asked me what organizations should expect for information security and privacy in 2019. My short answer: More! Here is what to expect in five key areas in 2019, and beyond.
Rebecca has 25+ years of IT, information security & privacy experience, is CEO of The Privacy Professor® consultancy & President of SIMBUS, LLC Information Security, Privacy & Compliance cloud services. Rebecca has authored 19 books and contributed to hundreds of other books & articles. Rebecca led the NIST Smart Grid Privacy Subgroup for 7 years, is co-founder of IEEE P1912, and is on many advisory boards. Rebecca was Adjunct Professor for Norwich University MSISA program for 9 years, has received numerous awards & keynoted on 5 continents. Rebecca appears regularly on KCWI23 morning show & hosts VoiceAmerica radio show “Data Security & Privacy with the Privacy Professor.” Rebecca is based in Des Moines, Iowa, USA.
Throughout the past couple of decades, I have identified a dozen reasons why data privacy protection brings many business values, and should not be brushed aside or minimized in importance.
Too many organizations either provide for no security and privacy training and awareness or take a completely inadequate or ineffective (bad) approach. Effective regular training and ongoing awareness can provide tremendous return on significantly better security and privacy practices.
Why is there always some information security or privacy pros who insist on proclaiming that user awareness and training is a waste of time and money?
In the past few months the amount of talk, advice, debates, and claims about the EU GDPR which goes into effect May 25, has escalated to a fever pitch. And there is the rub. Most organizations do not know really know or understand what “personal data,” the GDPR term, is as it applies to their organization.
[24]7 notified Sears, Best Buy, Delta, and other clients using their platform, about a data breach six months after the breach occurred. What should service providers and organizations that contract these third parties be doing better to protect their customers' privacy and personal data?
Do we need to protect the privacy of the deceased? Let’s look at the two kingpins of privacy regulation mentioned earlier – HIPAA and GDPR. We then take a brief view at a few of the literally hundreds of other personal information protection laws with regard to if and how they relate to the protection of the deceased.
Individuals, business leaders, and all other types of organization leaders need to improve their ransomware protections to protect their personal data, preserve privacy, and maintain access to their other data. What are some of the simple steps to avoid being a ransomware victim?
While so much has changed in technology and addressing privacy, it is important to never forget the lessons of the past. The basic categories of privacy risks are still the same and the general concepts for mitigating those risks are also pretty much the same as they were decades ago.
This article is based on a presentation made during the Data Privacy Asia 2016 conference held on 9-11 November 2016 by well-known and widely respected information security, privacy and compliance expert Rebecca Herold. Rebecca addresses how IT leaders are increasingly challenged by the myriad of physical, legal, political and logical considerations for data residency.