Posted in Data Protection

Opinion

The Risk of the “Risk-Based Approach”

By Stuart S. Shapiro, CIPP/US, CIPP/G

At this year’s IAPP Global Privacy Summit, I repeatedly encountered references to and quasi-explanations of the “risk-based approach” to privacy. The risk-based approach is, apparently, the new black now that accountability is no longer quite so chic. With its focus on the privacy risks incurred by individuals, the risk-based approach is, I was informed, a bold new direction for the privacy profession.

Taken at face value, it’s rather difficult to imagine a more damning indictment of the privacy profession. It’s 2014 and we’ve only just started worrying about risks to individuals?

More from Stuart S. Shapiro

Opinion

Is A Criminal Statute Necessary To Supplement a Federal Breach Notification Law?

A few weeks ago, Jason Weinstein introduced Privacy Perspectives readers to Sen. Patrick Leahy’s (D-VT) Personal Data Privacy and Security Act of 2014, a bill that would enact a federal security breach notification law. While Weinstein’s position is well taken and should be considered as this bill moves through Congress, I believe that there is another issue that deserves considerable debate. In addition to creating the federal breach notification law, §102 of Leahy’s bill would open the door to criminal liability for anyone who “intentionally and willfully” conceals the fact of a security breach. Adding criminal liability is not to be taken lightly, and it would be wise for the information privacy and security community to think critically about whether the bill’s criminal statute would be a prudent addition.

More from Andrew Proia

From the Regulator

Living in Interesting Times—A View from the New Zealand Privacy Office

One of the dubious delights of being a privacy regulator is the unexpected things that crop up during every working week. It doesn’t matter how I plan and prioritise work—some headline-grabbing issue or urgent demand for time and attention will come across the desk and force a rethink. It can be a challenge, but it certainly keeps the job interesting.

More from Katrine Evans

Practical Privacy

How to Lose Your Data In 10 Days

By Heather Federman, CIPP/US

It’s no longer an “if” you’re the target of a data breach; it’s just a matter of “when.” Data loss incidents are becoming an unfortunate rite of passage. More and more businesses have found themselves exposed and ill-prepared to manage the fallout. While the average cost of a breach equals $5.5 million, the public reaction fosters graver implications. The resulting “business shock” not only paralyzes operations, but it also damages relationships with regulators, partners and consumers.

How can you best prepare and defend your organization? How can we all make 2014 the year of “data stewardship?”

More from Heather Federman

Privacy Profession

Engineers and Lawyers in Privacy Protection: Can We All Just Get Along?

By Peter Swire, CIPP/US

In March 2013 we participated in a panel titled “Re-Engineering Privacy Law” at the IAPP Privacy Summit. The topic of the panel closely matches the topic of this book, how to bring together and leverage the skill sets of engineers, lawyers, and others to create effective privacy policy with correspondingly compliant implementations. As a software engineering professor (Antón) and a law professor (Swire), we consider four points: (1) how lawyers make simple things complicated; (2) how engineers make simple things complicated; (3) why it may be reasonable to use the term “reasonable” in privacy rules but not in software specifications; and (4) how to achieve consensus when both lawyers and engineers are in the room.

More from Peter Swire

Top 10 Data Privacy Tips for 2014 #DPD14

By Dana Simberkoff, CIPP/US

With privacy breaches and security threats making headlines around the world on a daily basis, it’s becoming increasingly obvious to most enterprises that the personal information and sensitive data they hold is an extremely valuable commodity. However, shared inappropriately—whether by accident or breach—the disclosure of sensitive data can have dramatic financial impacts on an organization and erode consumer trust. The good news here is that this should be highly preventable. So in honor of Data Privacy Day—which will be celebrated this year on Tuesday, January 28—here are 10 tips for improving your privacy and data protection programs in 2014.

More from Dana Simberkoff

Trending

The Politics of Privacy in 2014

By Jedidiah Bracy, CIPP/US, CIPP/E

Though it’s not a presidential election year, 2014 looks to have some important campaigns here in the States. House Republicans will try to bolster their majority, while Democrats hope to maintain their hold on the Senate. Even some in Kentucky are looking to replace Senate Minority Leader Mitch McConnell (R-KY). Of course, campaigns will run on a lot of the typically partisan issues—you know, taxes, gun control, same-sex marriage, global warming, Duck Dynasty or legalized pot.

But a new issue is making its way into campaign platforms and partisan politics: privacy.

More from Jedidiah Bracy

Cyber Insurance

Cyber Insurance: Three Common Myths Debunked

By Michael Bruemmer, CIPP/US

In the past, cyber insurance was a polarizing issue in my discussions with privacy and risk professionals. Some professionals were adamant about the benefits of cyber insurance, while others worried that the policies currently on the market didn’t meet their needs or were too costly. However, I believe the industry is maturing and the coverage options today are much better than just a few years ago.

More from Michael Bruemmer