News Alerts and Breach Report for Week of October 17, 2022

Implications of Pending EU-US Data Transfer Agreement

Earlier this month, President Biden issued an executive order restricting how US intelligence services gather data that belongs to EU citizens. The order comes as a vital step forward in reaching a data transfer agreement between the two governments. ADCG’s guide to the final EU-US agreement will be released in the coming weeks.

New York’s Chief Information Officer Sets Goals

Michele Jones, an attorney and former longtime compliance and risk management officer, has begun a new role as New York State’s Chief Information Officer. Jones noted at the National Association of State Chief Information Officers conference last week that she plans to spend the first several months of her new role evaluating frameworks and drafting an executive order for New York Governor Kathy Hochul that will implement NIST’s framework as a standard for encryption and data sharing by government agencies. She noted that government agencies will not be expected to share every piece of consumer data with other agencies. Though there has been talk about creating a central database, Jones doesn’t see this practice as conducive to protecting privacy.

European Commission Proposes Cyber Resilience Act

New rules for protecting software and hardware products could come into play soon. The European Commission published a proposal for a Cyber Resilience Act last month, introducing mandatory reporting requirements, sanctions for violations, and resilience requirements for cybersecurity programs. The proposal applies to “products with digital elements.” This includes “any software or hardware products and their remote data processing solutions, including software or hardware components to be placed on the market separately, whose intended or reasonably foreseeable use includes a direct or indirect logical or physical data connection to a device or network.” These products fall into two classes. Class I products are “standalone and embedded browsers, network interfaces, firewalls, and mobile device management software,” while Class II products are those “exposed to a greater cybersecurity risk: operating systems for servers, desktops and mobile devices, routers, modems intended for the connection to the internet, and switches intended for industrial use.”

KPMG Report Shows Increased Cybersecurity Expectations

KPMG’s 2022 ‘Cyber Trust Insights’ report surveyed 1,881 executives to identify key takeaways and best practices. The report found that “Weaving cybersecurity and privacy into organizations, building internal alliances, evolving the role of the CISO, securing leadership support, and collaborating with other partners in the corporate ecosystem is key to increased trust. Trust comes with improved profitability – according to more than a third of respondents – better customer retention and stronger commercial relationships. Innovation, talent retention and an increased market share are also possible if organizations recognise that digital trust matters.”

BREACH REPORT

* * * * * * *

To read our article on the United Kingdom’s proposed legislation, the Data Protection and Digital Information Bill, set to replace the GDPR, click here.

To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

79 | Understanding 5G Cybersecurity Issues (with guest Carlos Solari)

78 | The Nexus Between Privacy, Cybersecurity & National Security (with guest, Corey Simpson)

77 | Privacy & Cybersecurity Whistleblowers: A New Trend? (with guest, Andrew Grosso)
