Tag: Security Operations Management

(Aug 27, 2019) Recently, the Cyberspace Administration of China released new draft "Measures on Security Assessment on Cross-border Transfer of Personal Data" for public consultation. The June 13 release presents another approach to cross-border data transfer under the China Cyber Security Law. These CAC New Draft Measures superseded the previous efforts of CAC on cross-border data transfer, i.e., CAC’s draft "Measures on Security Assessment on Cross-border Transfer of Personal Data and Important Data" and the... Read More

(Aug 23, 2019) Israel is adding facial-recognition technology to its West Bank checkpoints in an effort to expedite verifications for Palestinians to cross into the country, NPR reports. Israeli defense officials confirmed that AnyVision software will be at all checkpoints within the next few months. In a statement regarding the ethics of its software, AnyVision wrote that privacy "is of the utmost importance" and that privacy protection "is instrumental to both our business strategy and our own standard of et... Read More

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern." No doubt this has been demonstrated on the enforcement front in recent months. The new standard, ISO/IEC 27701, is an extension of ISO/IEC 27001 — the commonly adopted security standard — and "specifies the requirements for establishing, implementing, maintai... Read More

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern."  No doubt this has been demonstrated on the enforcement front in recent months. The U.S. Federal Trade Commission fined Facebook a record $5 billion in the same week that it fined Equifax $575 million. Each settlement also included board-level requirements a... Read More

(Aug 14, 2019) Sometimes it seems like all authenticators are compromised. Passwords, identity documents and even knowledge-based authentication — a plethora of these and other authenticators are readily available on the web or the dark web. The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities. In the name of empowering consumers, the law is actually introducing threat vectors that can be mani... Read More

(Aug 14, 2019) One of the requirements in the California Consumer Protection Act gives consumers the right to access their data and those requests must be verified. Annie Bai, CIPP/US, CIPM, FIP, and Peter McLaughlin, CIPP/US, raise concerns the upcoming law does not clarify what "verified" means. “The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities,” they write. “In the name of empowering con... Read More

(Aug 8, 2019) "Privacy engineering will be central to the privacy profession going forward," writes IAPP Senior Privacy Fellow Caitlin Fennessy, CIPP/US. "That is an easy assertion to make. Privacy professionals have long discussed the importance of building privacy in rather than bolting it on ... – But as technology has raced ahead, the need for privacy engineering has evolved and intensified." In this in-depth post for Privacy Tech, Fennessy discusses the IAPP's privacy engineering initiative — to better d... Read More