The EU's General Data Protection Regulation has significantly raised privacy awareness worldwide in the brief time that it's been in force, says Rob Hinson of OneTrust. Organizations are revamping both internal and external privacy programs to meet the minimum global standard, he says.
Cloud-based CRM giant Salesforce.com is warning some of its Marketing Cloud users that any data they stored may have been accessed by third parties or inadvertently corrupted because of an API error that persisted for six weeks.
Facebook is making substantial investments to improve its data security and privacy practices. But the long-term cost of those investments and impact on the bottom line has spooked investors, leading to a $120 billion loss in market value on Thursday, the largest one-day loss of value for a U.S. traded company.
Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.
A Spanish consumer rights organization says telecommunications company Telefónica has fixed an elementary security error in its Movistar website that potentially exposed billing invoices for millions of customers. Telefónica says it hasn't detected fraudulent use of the data.
The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.
Support for building in privacy and security by design is growing as a result of the explosion of such new technologies as such artificial intelligence, IoT and various digital devices, says Latha Reddy, co-chair of the Global Commission on the Stability of Cyberspace.
In the age of GDPR, more organizations are looking to data classification - including more automated techniques for doing so - as a way to not only help them protect their crown jewels, but in the case of a breach quickly identify what went missing, says Digital Guardian's Tony Themelis.
Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.
Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.
California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S. The new law gives consumers a raft of new rights, and aims to bring more transparency to the murky trade in people's personal information.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.
The EU's GDPR is already having an impact on how organizations approach data breach detection and remediation, leading many to rely more strongly on security orchestration and automation, says Allen Rogers of IBM Resilient.