Search Results for: gdpr

It’s no secret that Americans are becoming increasingly concerned about their digital identities.

Take the recent case in Louisiana, where a whopping 6 million public records were exposed as part of a global attack on third-party file transfer app MOVEit. The attack made users more wary of trusting their data to often-obscure third parties. A recent survey, conducted across 1,000 U.S. consumers by Thales found that 44 percent are afraid their identity will be stolen in a cyberattack, and a quarter have no confidence in the protection of their personal data.

Continue reading →

Earlier this year, several prominent tech leaders came together to sign a letter advocating for pausing development of advanced AI models, citing their potentially "profound risk to society and humanity”. This was swiftly followed by British Prime Minister Rishi Sunak proposing the creation of a new UK-based watchdog dedicated to the AI sector.

Although the move garnered mixed responses, an essential aspect seems to have been overlooked amid this debate -- a legislation-led institutional may not be the most effective or comprehensive approach to regulating AI.

Continue reading →

New research reveals a high proportion of vulnerable public cloud, mobile and web applications exposing sensitive data, including unsecured APIs and personal identifiable information (PII).

The study from CyCognito, based on analysis of 3.5 million assets across its enterprise customer base, finds 74 percent of assets with PII are vulnerable to at least one known major exploit, and one in 10 have at least one easily exploitable issue.

Continue reading →

Around the world, data borders and regulations are being strengthened in a drive to protect customer privacy and fight cybercrime. As a result, multinational businesses are contending with a complex regulatory landscape. For business, data, and technology leaders, today’s challenge is to comply with local regulations while respecting customer expectations and managing complex global supply chains. To meet these macro and micro-economic challenges, organizations are looking for borderless data systems that enable global business operations but meet local demands.

The European Union’s General Data Protection Regulation (GDPR) has given rise to similar laws across the world, and the United Nations Conference on Trade and Development (UNCTAD) reports that 71 percent of countries have data protection regulations in place and 9 percent have legislation in development. Data governance professionals have increased their focus on data and cloud sovereignty in response, as some of these regulations restrict how data can be shared across physical national borders. In many cases, these regulations are positive and protect organizations and nations from criminals and aggressive states. However, today’s supply chains require data to be shared. A further complication is that cloud computing enables data sharing and business efficiency, yet the major cloud computing providers are firms from the USA. These businesses must comply with the US Cloud Act, which gives the US government access to data stored by these firms, even when hosting takes place outside of the USA.

Continue reading →

From high-profile data breaches (think Facebook’s Cambridge Analytica scandal that resulted in millions of people’s data being shared without their consent) to the introduction of legislation like the General Data Protection Regulation (GDPR), the data privacy landscape has evolved considerably in the last few years.

Though more organizations recognize the necessity of implementing a data privacy program, many modern privacy programs are missing foundational components required for full compliance, and attorneys and authorities have little sympathy for these privacy gaps.

Continue reading →

As growing businesses rush to upgrade their hardware, many are simply throwing old computers, routers, and other IT assets into the trash, leading to security and environmental concerns.

A new study from Capterra of 500 IT professionals at US small and midsize businesses (SMBs) reveals that nearly a third (29 percent) indulge in improper IT hardware disposal practices.

Continue reading →

Imagine a hidden system that tracks and scores you based on every phone call you make or take. It might sound like something straight out of a Black Mirror episode and remind you of China's controversial social credit system. But surprisingly, half of the world's mobile phone users are already part of a similar system, and many of them are Europeans, who are supposed to enjoy the strongest privacy protections.

NOYB, a privacy advocacy group, has filed a lawsuit against the US company TeleSign, a Belgian telecom provider BICS, and their mutual parent Proximus. They claim these companies are unauthorizedly profiling billions of phone users to assign them a 'reputation' or 'trust' score.

Continue reading →

User authorization for access to data is complicated. Knowing who has access to what information is often difficult because of complex role hierarchies, different authorization models used for different technologies, and the variety of data that may be accessible across technologies and clouds.

Ben Herzberg, chief scientist at data security platform Satori, believes there's often a blindspot around authorization, but that the issue doesn't have to be as complex as it can seem. We talked to him to learn more.

Continue reading →

There tends to be some confusion about where cyber risk ends and where IT risk starts and the terms are often used interchangeably.

We spoke to Gary Lynam, head of ERM advisory at risk management specialist Protecht, to find out more about understanding and managing the different types of risk that enterprises face.

Continue reading →

A survey by Deloitte reveals that as many as 79 percent of people are ready to share their data if they see obvious value in doing so. However, people also need to know that their data privacy is taken seriously. For companies at the cutting edge of personalization in technology and marketing, this means reassuring customers that their data will be kept safe and used transparently and for their own benefit.

While personalization and privacy may seem diametrically opposed, it is possible for businesses to achieve both and prosper. We can compare the privacy versus personalization dilemma with the legendary myth from Homer’s Odyssey, Scylla and Charybdis. These two sea monsters presented a perilous choice to our hero Odysseus, who needed to creatively navigate a route between the two. In the same way, businesses must carefully maneuver between the need for privacy and an ever-deeper demand for customized services.

Continue reading →

Facebook owner Meta has been fined a record €1.2 billion (around $1.3 billion) by Ireland's Data Protection Commission (DPC). The fine was issued for breaching EU data sharing regulations by failing to sufficiently protect user data.

In addition to the record fine, Meta has been ordered to cease the transfer of user data from the EU to the US for processing within six months. Responding to the demand to stop the "unlawful processing, including storage, in the US" of European user data, Meta points out that it "uses the same legal mechanisms as other organizations" and indicated that it intends to appeal against the ruling.

Continue reading →

For decades, businesses have been using data for growth. Today, the importance of utilizing data to gain insights into customer behavior, market trends and business performance continues to develop. However, harnessing the power of data requires more than just the right tools and technology -- it also requires the right talent.

Technological developments, such as artificial intelligence (AI) and the Internet of Things (IoT), have resulted in data and data analysis providing increasing opportunities for businesses to improve their competitive edge. Data is a valuable resource in all sectors, but it is only useful if it is analyzed, interpreted and applied correctly -- this is where talented individuals with an understanding of data science and analytics come in.

Continue reading →

Most businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of financial or reputational loss and give you an overview of the high-risk areas you must address.

One type of risk analysis that is critical but sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analyzing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defenses every day.

To address these threats, full and frequent cybersecurity audits are necessary to review:

Continue reading →

The UK's new Data Protection and Digital Information Bill is set to reduce costs and burdens for British businesses and charities, and remove barriers to international trade.

We know from when it was first brought before parliament last summer that it will also cut the number of repetitive data collection and cookie pop-ups online.

Continue reading →

A new study from Specops Software finds that 88 percent of passwords used in successful attacks consisted of 12 characters or less, with the most common being just eight characters (24 percent).

The research, largely compiled through analysis of 800 million breached passwords, finds the most common base terms used in passwords are depressingly familiar: 'password', 'admin', 'welcome' and 'p@ssw0rd'.

Continue reading →