Access your Pro+ Content below.
Report shows CISOs, IT unprepared for privacy regulations
This article is part of the Information Security issue of November 2019, Vol. 20, No. 4
In recent years, data privacy efforts and their associated regulations have become an important concern for CISOs as security is increasingly called upon to manage customer information protection. As part of a new report, the Internet Society's Online Trust Alliance analyzed 1,200 privacy statements for common themes in the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and Canada's Personal Information Protection and Electronic Documents Act. The report is titled "Are Organizations Ready for New Privacy Regulations?" and according to Kenneth Olmstead, internet privacy and security analyst at the Internet Society's Online Trust Alliance, the answer is a resounding no. Olmstead noted that although the organizations audited for the report were mainly based in the U.S. and do not yet have a legal obligation to meet all of the requirements, these regulations represent general benchmarks for consumer privacy that are common in new privacy laws. He added that, while many ...
Access this PRO+ Content for Free!
Features in this issue
Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.
Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.
News in this issue
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.
Columns in this issue
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?