EU gets serious on privacy, but too many companies ignore the risk

If you ask most tech workers the difference between security and privacy, they probably won’t be able to tell you, unless their main job is working on one of those teams. Given how much of our life is now online, this is a problem that can lead to corporate liability and multimillion-dollar fines, especially from European regulators. With this increased focus, what’s the difference between security and privacy, and how should employees think about these issues?
To start, let’s look at Twitter’s announcement this summer that a hacker had been in its system for more than six months, and was offering to sell user data from 5.4 million accounts. (In 2020, a Florida teen was also charged with taking over accounts.) Hackers breaching Twitter’s system pose a security problem. But since these hackers may have had access to millions or billions of records, that’s also a privacy problem.
This summer, Meta was fined $403 million by Ireland’s GDPR (General Data Protection Regulation) authority. Last year, European regulators fined Amazon $888 million. This is a big problem for major platforms, but it can hit almost any company today: California recently fined Sephora $1.2 million for violating the CCPA (California Consumer Privacy Act).
If we want to reduce the impact of fines and breaches, we need software companies to focus on privacy as much as security, and make sure their employees know the difference. If you go to the doctor, your doctor knows exactly what HIPAA regulations allow them to disclose. Any trucker on the road knows exactly how many hours they can drive based on DoT Hours of Service regulations. But if you ask tech workers what they can and can’t do under CCPA, most may not even recognize the acronym.
Privacy is about creating trust in your organization. It’s about how you handle personal information, and making sure that you’re treating this data responsibly and in line with what consumers would expect you to do.
TL;DR on GDPR
GDPR guidelines call for data to be stored in a manner that ensures users can request that their information be corrected, deleted as part of the “right to be forgotten,” or acc