Summary
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write:
Tech Transactions & Data Privacy 2022 Report
Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data access or acquisition and, as such, are not always reported. As ransomware attacks increase in frequency and the severity of their impact, both law enforcement and industry regulators are seeking greater visibility into these incidents and, through the publication of new guidance and the amendment of notification laws, are starting to require increased reporting.
Read more The National Law Review.
(Related)
https://www.databreaches.net/secs-breach-notification-proposal-one-step-closer-to-a-final-vote/
SEC’s breach notification proposal one step closer to a final vote
Tonya Riley reports:
The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote.
“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC Chairman Gary Gensler said at the agency’s open meeting.
Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours.
Read more at CyberScoop.
Surveil the teacher – it’s for the children.
Iowa Republican Introduces Bill to Put Cameras in Every Public School Classroom
Dan Spinelli reports:
Amid the ongoing Republican freakout over Critical Race Theory and the teaching of other supposedly objectionable material in public schools, an Iowa Republican has introduced a bill that would take the policing of the state’s teachers to a whole new level.
Earlier this week, Republican state Rep. Norlin Mommsen introduced a bill to place cameras at the back of public school classrooms so parents can monitor what’s being taught there. The seemingly Orwellian idea would function in a similar way to a body camera on a police officer, Mommsen told The Center Square, a conservative news site.
Read more at Mother Jones.
A frequent contributor.
https://www.pogowasright.org/article-the-limitations-of-privacy-rights-daniel-solove/
Article: “The Limitations of Privacy Rights” (Daniel Solove)
Professor and privacy law scholar Dan Solove has a new article that he is sharing via SSRN, where it can be downloaded for free. The article is called, “The Limitations of Privacy Rights.” Here is the abstract:
Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure, right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.
In this article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights cannot serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights cannot practically be exercised at scale with the number of organizations than process people’s data. Third, privacy cannot be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people’s decisions about their own data have implications for the privacy of other people.
The main goal of providing privacy rights aims to provide individuals with control over their personal data. However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal; and they fail at the former goal.
After discussing these overarching reasons why rights are insufficient for the oversized role they currently play in privacy regulation, I discuss the common privacy rights and why each falls short of providing significant privacy protection. For each right, I propose broader structural measures that can achieve its underlying goals in a more systematic, rigorous, and less haphazard way.
Solove, Daniel J., The Limitations of Privacy Rights (February 1, 2022). Available at SSRN (free download): https://ssrn.com/abstract=4024790 or http://dx.doi.org/10.2139/ssrn.4024790
If you are not already subscribing to his free newsletter, you can sign up here.
A list for my Ethical Hackers.
https://www.makeuseof.com/penetration-testing-for-security-professionals/
The Top 10 Penetration Testing Tools for Security Professionals
No comments:
Post a Comment