One of my clients recently asked me what organizations should expect for information security and privacy in 2019. My short answer: More! Here is what to expect in five key areas in 2019, and beyond.
Throughout the past couple of decades, I have identified a dozen reasons why data privacy protection brings many business values, and should not be brushed aside or minimized in importance.
Too many organizations either provide for no security and privacy training and awareness or take a completely inadequate or ineffective (bad) approach. Effective regular training and ongoing awareness can provide tremendous return on significantly better security and privacy practices.
Why is there always some information security or privacy pros who insist on proclaiming that user awareness and training is a waste of time and money?
In the past few months the amount of talk, advice, debates, and claims about the EU GDPR which goes into effect May 25, has escalated to a fever pitch. And there is the rub. Most organizations do not know really know or understand what “personal data,” the GDPR term, is as it applies to their organization.
7 notified Sears, Best Buy, Delta, and other clients using their platform, about a data breach six months after the breach occurred. What should service providers and organizations that contract these third parties be doing better to protect their customers' privacy and personal data?
Do we need to protect the privacy of the deceased? Let’s look at the two kingpins of privacy regulation mentioned earlier – HIPAA and GDPR. We then take a brief view at a few of the literally hundreds of other personal information protection laws with regard to if and how they relate to the protection of the deceased.
Individuals, business leaders, and all other types of organization leaders need to improve their ransomware protections to protect their personal data, preserve privacy, and maintain access to their other data. What are some of the simple steps to avoid being a ransomware victim?
While so much has changed in technology and addressing privacy, it is important to never forget the lessons of the past. The basic categories of privacy risks are still the same and the general concepts for mitigating those risks are also pretty much the same as they were decades ago.