Equifax suffered huge damages after the well-publicized breach. Now, come to find attribution points to a culture of complacency. Executives should attend the The First Annual Atlanta Symposium on Cyber Culture and Team Building with others from their executive team. This event is intended to be cross-cultural and bring together the entire C-Suite. Learn more and register today!
Should we be surprised at all that Facebook, Google and others base their business plan on the marketing of our personal information and on the doorstep of GDPR, from customers to Senators are astonished they haven’t noticed or cared up until now? A heavy-handed regulatory response could have us rethinking the current model of social media and marketing. Does the pendulum swing back to the closed communities like AOL of the 1990s? This issue requires informed discussion (frankly, many Senators are out of touch on this topic) if we are to avoid throwing the baby out with the bathwater.
Iowa House Study Bill 526 would require organizations to report a breach within 45 days, add new categories to reporting requirements, and expand the definition of what is considered personal information. The bill would apply to personal data in any form and also cover medical records, effectively shortening HIPAA breach reporting requirements by 15 days. If organizations implement increased encryption methods, they can be exempt from the proposed state reporting requirements.
IAPP (morning newsletter) suggests companies may back off from bug bounties due to Uber leak – that just moves us in the WRONG direction. We can’t ignore vulns for a year and then blame the hacker. Companies need to do whatever works for them to uncover vulns and take a risk-based approach to close them.
