It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether your household or institutional architecture, the full value of security is only appreciated after disaster has already struck.
The acceleration of digitization initiatives was paramount to ensure business continuity during this global crisis. As we rebuild economic stability in 2021, technology – especially automation and security – will play a significant role in positioning enterprises to return to growth.
A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.
Kroll, a division of Duff & Phelps, announced the hiring of three seasoned cyber experts in North America: John (Jack) Bennett, a managing director in the San Francisco office; Steve Bergman, a managing director in the Washington D.C. office; and John deCraen, an associate managing director in the Dallas office.
Consumers can easily identify opportunities to opt out of sharing personal data through the first-of-its-kind “Opt-Out Easy” browser plug-in developed by researchers from Carnegie Mellon’s CyLab Security and Privacy Institute. The plug-in makes opt-out choices more accessible to users, automatically extracting privacy information from websites’ policies and presenting it in a user-friendly way.
The World Economic Forum today launched a new report that outlines how organizational leaders can influence their companies and encourage the responsible use of technology and build ethical capacity. “Ethics by Design” – An Organizational Approach to Responsible Use of Technology integrates psychology and behavioral economics findings from interviews and surveys with international business leaders. It aims to shape decisions to prompt better and more ethical behaviors. The report promotes an approach that focuses less on individual “bad apples” and more on the “barrel”, the environments that can lead people to engage in behaviors contrary to their moral compass. The report outlines steps and makes recommendations that have proven more effective than conventional incentives such as compliance training, financial compensation or penalties.
In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.
In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.