(Aug 27, 2015) The IAPP Privacy List recently lit up a bit when a member posed this question: Should I go get a law degree? It was a legit question; the IAPP 2015 Salary Survey found that after C-suite or VP-level positions, lead counsel had the highest median salaries among privacy pros. But getting a law degree isn't a small feat. There's studying for the LSATs; praying to some God you get in; three years of nail-biting through papers and exams, and then, and THEN, the bar. Oh, and all that debt. So is all that worth it? Will it mean a straight line to privacy pro success? This exclusive for The Privacy Advisor aims to answer that question—and commenters are already adding to the dialogue at the finish of the piece.


Don’t Blow Data Protection, CIOs, or You’ll Get Sued

(Aug 27, 2015) CIOs and CISOs beware—data mismanagement at your company could land you in hot water, Bloomberg BNA reports, citing Donna Seymour, CIO of the U.S. Office of Personnel Management (OPM) and her inclusion in an OPM lawsuit as precedent for the treatment of CIOs after a breach. “More and more, CIOs and CISOs will be personally accused for their actions, and inactions, prior to and during, cyber-events, and personally named as parties in lawsuits,” the report continues. “It will be argued that the CIO and/or CISO, by dint of their role and purported expertise, assume a fiduciary duty to the shareholders and to those whose information they are supposed to protect, requiring the installation, monitoring and modification/updating of appropriate cybersecurity measures.”


How Can You Become Compromise Ready?

(Aug 27, 2015) With data protection, the best defense is a good offense. And the IAPP’s newest web conference, Becoming Compromise Ready, shows you how. In the next installment of the Insight web conference series, privacy professionals dissect the findings from the BakerHostetler Privacy and Data Protection Team’s recent study on data breach preparedness, covering everything from how to best “react and respond” to threats to how to strategize internal security.


Pentagon Releases Cybersecurity Incident Reporting Rules

(Aug 27, 2015) The Pentagon is rolling out long-awaited rules governing how the defense industry should report cybersecurity incidents, The Hill reports. The regulations were published in the Federal Register on Wednesday. They require contractors and subcontractors to report “cyber incidents that result in an actual or potentially adverse effect” on either the contractor’s information system and data or its ability to provide “operationally critical support,” the report states. The rules aim to provide a single pathway for Defense Department contractors to report cyber incidents.


Coalition Calls on EU To Strike Part of GDPR

(Aug 27, 2015) A broad industry coalition is lobbying the European Union to strike out part of the General Data Protection Regulation that could force companies to deny requests for personal data from non-member countries. Article 43a of the regulation says companies should not always comply with requests from courts, tribunals and administrative authorities in non-EU countries for the personal data of Europeans—except under law enforcement treaties or relevant agreements between those countries and the EU, Politico reports. The clause could create a quagmire for global companies, according to the Industry Coalition for Data Protection, whose members include Apple, Google and AT&T. It asks that the issues be dealt with in the data protection directive rather than the regulation.


Privacy Done Right Will Fuel the IoT

(Aug 27, 2015) For corporations, respecting both user privacy and data will be the key to long-term Internet of Things (IoT) success, suggests Dominique Guinard, CTO at IoT platform Evrythng, in an op-ed for Ad Age. “Brands would be wise to understand that the coming influx of consumer data is a pseudo revenue stream that must be protected and nurtured,” the column states. “As such, the perception of privacy and respect are tantamount for long-term engagement with customers … It is every company's responsibility to create a plan for capturing as much consumer data through their IoT programs as they can.” Why? Because “the firms that capture and use data the best will be valued the highest.”


Breach of IRS Site Indicates Troubling Lack of Security

(Aug 27, 2015) The Internal Revenue Service’s (IRS) 2015 breach, in which hackers utilized weak elements of the agency’s website to steal nearly 334,000 personal records, was easy to do based on previous breaches and sub-par IRS cybersecurity measures, Quartz reports. “Just knowing a person’s address, which you can get from one of these more traditional breaches, you can discover a lot about a person,” said the University of Michigan's Kevin Fu. This easy access to information coupled with weak internal programs, some of which “have been running for 50 years,” according to John Koskinen, IRS commissioner, makes it a “difficult challenge competing with organized criminals who have resources.”


How Should Reporters Use Ashley Madison Data?

(Aug 27, 2015) Without doubt, the hack of the Ashley Madison site and resulting data dump is news. However, the journalism community is now debating, writes Malena Carollo for CMS Passcode, about which parts of the data are fair game. Should reporters use contact information in the stolen data to contact potential sources? How should reporters verify the information they find there? Do these people deserve less privacy because they “were doing something they shouldn’t have”? Some journalism professors argue th...


EFF Announces 2015 Pioneer Award Winners

(Aug 27, 2015) The Electronic Frontier Foundation has announced its 2015 Pioneer Award recipients. The award recognizes “leaders who are extending freedom and innovation on the electronic frontier.” This year’s recipients, to be recognized at an event on September 24 in San Francisco, include the late Caspar Bowden, a privacy advocate; the human rights and global security researchers at The Citizen Lab, whose work has “put a spotlight” on companies selling state-sponsored surveillance malware and the governments that use them; international Internet access champions Anriette Esterhuysen and the Association for Progressive Communications, and digital community advocate Kathy Sierra.


Facebook Launches Facial Recognition Tool

(Aug 27, 2015) Facebook has launched a facial recognition tool in India that it withheld in Europe due to privacy concerns, Planet Biometrics reports. “Moments” groups photo albums together using face recognition algorithms and allows users to search for photos of themselves and friends. American users are already using the tool. In June, Facebook said EU laws prevented it from releasing the app in Europe; regulators told the company it must offer an opt-in choice before unveiling.
