RESOURCE ARTICLEMEMBER

Some Privacy Practices May Result in Under-Reporting of Breach Incidents

This white paper presents scenarios and vulnerabilities that could compromise encrypted data and result in a data breach.

Published17 May 2018

Contributors:

Kelce Wilson

CIPP/E, CIPP/US, CIPM

General Counsel

InfraGard Members Alliance of North Texas

Several privacy laws, including the EU General Data Protection Regulation and some U.S. state laws, carve out an "encryption exception." If a company encrypts its data but the key to access the data was not compromised, the thinking goes, the encryption renders the data unreadable, and hence, "there is no reasonable likelihood of harm to the data subjects, and the theft incident does not actually meet the legal definition of a data breach." This white paper presents several scenarios and corresponding vulnerabilities that could compromise encrypted data and result in a data breach.

Contributors:

Kelce Wilson

CIPP/E, CIPP/US, CIPM

General Counsel

InfraGard Members Alliance of North Texas

MEMBER

Unlock this exclusive content and more

Join the IAPP Already a member? Sign in

Membership opens up a world of resources

In-depth knowledge

From original research reports and daily news coverage to legislative trackers and infographics, we have the information you need to stay ahead of change.

A global network

Make valuable professional connections through more than 160 local IAPP KnowledgeNet chapters in 70 countries.

Access to the experts

Connect with top thinkers in privacy, AI governance and cybersecurity for fresh ideas and insights.

Learn what you get from membership