State Data Privacy Regulators Are Coming. What Story Will You Tell Them?
Regulators are ready to enforce new state data privacy laws. Here's how experts say organizations can stay compliant and avoid penalties.
Privacy concerns how laws and norms govern personal data, shaping cybersecurity duties for collection, storage, access, and disclosure.
Search across headline titles and summaries.
Background for this topic.
Privacy is the ability of people to control how information about them is collected, used, retained, and disclosed. In technical and legal contexts, it covers identifiable data and data that can support inferences about a person, not only information made public. Privacy rules and organizational policies commonly address purpose, transparency, access, correction, retention, and sharing.
For security practitioners, privacy depends on reducing unnecessary data and restricting legitimate access: data minimization, encryption, least-privilege controls, segregation of identifiers, retention limits, and audit logs all reduce exposure. Compromised credentials, misconfigured storage, excessive telemetry, or third-party access can reveal sensitive information; pseudonymized datasets may also be re-identified when combined with other data. During an incident, teams must establish what personal data was accessed or disclosed, contain further exposure, preserve evidence, and meet applicable notification and handling requirements.
Regulators are ready to enforce new state data privacy laws. Here's how experts say organizations can stay compliant and avoid penalties.
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data
Feds Warn Flaws Could Lead to 'Simultaneous Exploitation' of All DevicesU.S. federal authorities are warning that cybersecurity vulnerabilities in two brands of patient monitors used in healthcare settings and in patients' homes can allow remote attackers to take over control the devices when connected to the internet, posing safety and data privacy concerns.
Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of the canvassing apps developed on behalf of the UK's three major political parties.…
Employers remain blissfully unaware/wilfully ignorant of the impact of surveillance on staff More than three-quarters of UK employers admit to using some form of surveillance tech to spy on their remote workers' productivity.…
Data Storage in China Sparks Privacy ConcernsThe Italian data regulator launched an inquiry into data storage and processing practices of Chinese generative model DeepSeek following the Friday public debut of its R1 reasoning model. The DeepSeek app is no longer available in the Apple and Google app stores in Italy.
Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns
Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.
Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Infosec in brief Using a custom-built tool, a 15-year-old hacker exploited Cloudflare's content delivery network to approximate the locations of users of apps like Signal, Discord, and others.…