How To Deal With the Vagueness in New Cyber Regulations
Recent regulations for privacy, AI, and breaches tend to be overly broad, suggesting that the rulemakers lack tech acumen.
Privacy concerns how laws and norms govern personal data, shaping cybersecurity duties for collection, storage, access, and disclosure.
Search across headline titles and summaries.
Background for this topic.
Privacy is the ability of people to control how information about them is collected, used, retained, and disclosed. In technical and legal contexts, it covers identifiable data and data that can support inferences about a person, not only information made public. Privacy rules and organizational policies commonly address purpose, transparency, access, correction, retention, and sharing.
For security practitioners, privacy depends on reducing unnecessary data and restricting legitimate access: data minimization, encryption, least-privilege controls, segregation of identifiers, retention limits, and audit logs all reduce exposure. Compromised credentials, misconfigured storage, excessive telemetry, or third-party access can reveal sensitive information; pseudonymized datasets may also be re-identified when combined with other data. During an incident, teams must establish what personal data was accessed or disclosed, contain further exposure, preserve evidence, and meet applicable notification and handling requirements.
Recent regulations for privacy, AI, and breaches tend to be overly broad, suggesting that the rulemakers lack tech acumen.
The well-known collective is taking on targeted advertising with the Veilid framework and says it wants to make the Internet accessible to everyone who fears being monetized.
The privacy-focused search engine Brave Search has finally introduced its own, independent image and video search capabilities, breaking free from relying on Bing and Google for media search. [...]
Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause.