Enterprises Need to Do More to Assure Consumers About Privacy
Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.
Privacy concerns how laws and norms govern personal data, shaping cybersecurity duties for collection, storage, access, and disclosure.
Search across headline titles and summaries.
Background for this topic.
Privacy is the ability of people to control how information about them is collected, used, retained, and disclosed. In technical and legal contexts, it covers identifiable data and data that can support inferences about a person, not only information made public. Privacy rules and organizational policies commonly address purpose, transparency, access, correction, retention, and sharing.
For security practitioners, privacy depends on reducing unnecessary data and restricting legitimate access: data minimization, encryption, least-privilege controls, segregation of identifiers, retention limits, and audit logs all reduce exposure. Compromised credentials, misconfigured storage, excessive telemetry, or third-party access can reveal sensitive information; pseudonymized datasets may also be re-identified when combined with other data. During an incident, teams must establish what personal data was accessed or disclosed, contain further exposure, preserve evidence, and meet applicable notification and handling requirements.
Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.
Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.
Expect more regulatory and enforcement action in the US and around the world.
In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?
Also: Yay for Data Privacy Day! Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.…
There is significant disconnect between consumer expectations and organizations’ approaches around privacy, a new report has found