Friday Five: 10/18 Edition
A new bill that could put execs in jail for not taking privacy seriously, Singapore hires 500 data protection officers, and more - catch up on the news of the week with the Friday Five!
1. NSA chief drills in on new cyber directorate by Lauren C. Williams
Defense Systems recaps a keynote given by the U.S. Cyber Command head and NSA Chief Gen. Paul Nakasone at FireEye's big Cyber Defense Summit this week. In a talk, Nakasone discussed the NSA's new cyber directorate and how he hopes it will be able to set security standards and work in tandem with Cyber Command, Homeland Security, FBI, and the cyber industry. Nakasone also highlighted one of the year's hot button issues, IP theft, as being one of the directorate's goals: "We must better protect our nation's advantage in the defense sector from intellectual property theft," he said, according to the piece. First teased back in July, the NSA's Cybersecurity Directorate launched at the beginning of the month with a few goals, namely sharing critical threat information and better collaborating with partners and customers.
2. New privacy bill threatens years of jail time for companies that misuse consumer data by Brian Fung
If we told you a Senator introduced new data privacy legislation this week would you even need to know the name of the Senator? Per usual, the prolific Ron Wyden (D-OR) is behind a new law, the Mind Your Own Business Act, proposed on Thursday this week. The act, which would give the Federal Trade Commission the ability to impose steep fines, as much as four percent of a company's revenue, against companies that violate it. The act builds off a discussion draft of the bill Wyden released around this time last year. One of the big differences between this version and that version is that the Mind Your Own Business Act would require companies provide a "one-click" solution to consumers in order to opt out of having their personal data tracked, shared, or sold. “Today’s economy is a giant vacuum for your personal information – Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database. But individual Americans know far too little about how their data is collected, how it’s used and how it’s shared,” Wyden said in a statement.
3. The Yahoo Breach Settlement Means You Could Be Eligible for $358. Here's How to Claim Your Share by Jason Aten
Emails went out this week around a class action settlement related to Yahoo's massive data breaches, from 2012 to 2016 - one of our biggest cybersecurity incidents of the last decade – and naturally there was some confusion. This piece, via Inc., does a good job recapping what the options are for victims. Users can either choose credit monitoring, file a claim for compensation, object or opt out of the settlement, or do nothing. Like with the Equifax class action lawsuit that came out this summer, it's worth noting that the payments will be based on the total number of eligible claims. While victims could be eligible for a $358 payout
4. 500 data protection officers to be trained to safeguard company data by Lester Wong
We use this space from time to time to check in on data protection trends worldwide and there was encouraging news from Singapore, where there was news that there will be upward of 500 data protection officers trained over the next year to monitor and assess data protection policies and practices in the state. The Republic's Personal Data Protection Commission (PDPC) laid out its Data Protection Competency Framework and Training Framework in July, essentially outlining the different levels of competency around data protection management, data breach management, ethics, and design thinking that DPOs need to attain.
Singapore image via Hu Chen
5. IAPP updates CCPA Amendment Tracker, US state law table by the International Association of Privacy Professionals
While this isn’t an article or a blog, it is a helpful resource for users and data protection professionals looking to familiarize themselves with what’s been a handful of ongoing amendments to the California Consumer Privacy Act. This tracker and state law table, via the International Association of Privacy Professionals, breaks down the amendments that have been either signed off by the state's governor, lying in wait, or assumed to be dead. The table, updated this week, reflects the seven bills that were signed off by California Governor Gavin Newsom last week.
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business