Identity theft is a frighteningly real concern during the holiday season as consumers shop more and cyber criminals get busy. Companies that proactively offer identity protection to cushion the full impact of a data breach on customers that are victimized will reap benefits of trust and loyalty from their customers.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
According to a new survey conducted by the IAPP and EY, Global 500 companies will spend a combined $7.8 billion over the next year on GDPR compliance. Those escalating compliance costs will mostly result from new hiring, as corporations race to catch up with changes to privacy laws.
As more CPOs need to interact with security, they need the right skills to integrate security into the privacy strategy and compliance with regulations.
Avoid the common pitfall of using pre-existing approach to Data Protection Impact Assessment (DPIA) without knowing the Article 29 Working Party guidelines.
Recently released IAPP-EY Annual Privacy Governance Report 2017 shows that privacy governance is outpacing data breach reporting as a board-level concern.
While one of the primary goals of the GDPR is to harmonize data protection laws across the EU, there are over 50 provisions, which allow GDPR derogations by Member States.
With the GDPR coming into full effect in May 2018, organizations are ramping up demand for GDPR jobs including DPOs, business analysts and project managers.
Equifax breach demonstrates how data breaches are getting bigger and more frequent. Is identity theft protection no longer optional in the digital age?
Data governance is critical today. Why should board directors engage on governance of data? What are the risks and missed opportunities of failing to do so?
Overhaul of UK data protection law to align with the EU GDPR necessary for free data flow but adequacy questions remain unanswered as GDPR deadline looms.