The International Lawyers Network is pleased to announce the release of its latest initiative, the ILN Data Protection Guide. Developed by our cybersecurity and data privacy experts, this comprehensive guide offers valuable insights into data protection regulations across multiple jurisdictions.

About five years ago online data backup services began to emerge as an alternative method of backing up your data. The best advantage of online data backups is that they, by definition, are remote, so if a fire burns down your home you'll still have a backup to roll your data back.

The EU 'General Data Protection Regulation' (GDPR) marked the most important step towards reforming data privacy regulation in recent years, as it has brought about significant changes in data process in various sectors, ranging from healthcare to banking and beyond. Various concerns have been raised, and as a consequence of these, certain parts of the text of the GDPR itself have already started to become questionable due to rapid technological progress, including, for example, the use of information technology, automatisation processes and advanced algorithms in individual decision-making activities. The road to GDPR compliance by all European Union members may prove to be a long one and it is clear that only time will tell how GDPR matters will evolve and unfold. In this paper, we aim to offer a review of the practical, ethical and constitutional aspects of the new regulation and examine all the controversies that the new technology has given rise to in the course of the regulation's application.

With the continuous growth and importance of data, the need for strong data protection becomes crucial. Encryption plays a vital role in preserving the confidentiality of data, and attribute-based encryption (ABE) offers a meticulous access control system based on attributes. This study investigates the integration of Fernet encryption with initialisation vector (IV) and ABE, resulting in a hybrid encryption approach that enhances both security and flexibility. By combining the advantages of Fernet encryption and IV-based encryption, the hybrid encryption scheme establishes an effective and robust mechanism for safeguarding data. Fernet encryption, renowned for its simplicity and efficiency, provides authenticated encryption, guaranteeing both the confidentiality and integrity of the data. The incorporation of an initialisation vector (IV) introduces an element of randomness into the encryption process, thereby strengthening the overall security measures. This research paper discusses the advantages and drawbacks of the hybrid encryption of Fernet and IV with ABE.

With the increased focus on data security and privacy, BPO service providers will need to restructure their data compliance plan ahead of time. This is not only to ensure that the soon-to-be-updated rules are implemented in a timely manner but also to improve customer service efficiency and increase the firm's general reputation.

The Drugs, Medical Devices and Cosmetics Bill, 2023, will replace the existing Drugs and Cosmetics Act of 1940.

Beginning with iOS 16.3, the security feature will allow users to enable end-to-end encryption for a variety of additional iCloud data categories, including Photos, Notes, Voice Memos, Messages backups, device backups, and more, reports MacRumors.

Educate your customers and partners on the real threats and real solutions to help them be cybersmart to be cybersafe with your own corporate university.

Matthew O. Keane is a leading expert in the technology sector as a principal client solutions architect at AHEAD

Centris, a leading provider of innovative data protection solutions, proudly announces the launch of its Outsourced Data Protection Officer (DPO) services tailored specifically for North American businesses.

Centris is excited to announce the launch of its GDPR Data Protection Officer (DPO) outsourcing services, now available to North American businesses at fixed fees.

Centris, a premier consulting firm specializing in compliance and regulatory solutions, is excited to announce the launch of its Data Protection Officer (DPO) Outsourcing Services.

Many data protection regulations, such as PCI DSS and HIPAA, levy heavy fines for data breaches of sensitive information. Effective data protection controls are necessary to avoid breaches of regulatory, statutory, or contractual obligations related to sensitive data.

Organizations that handle sensitive data, such as healthcare and credit card information, are required to audit data protection controls on an annual basis. Leveraging Tenable reports enables organizations to protect data in accordance with business risk posture for Confidentiality, Integrity and Availability (CIA).

The National Institute of Standards (NIST) Special Publication 800-53 provides comprehensive guidance for a secure infrastructure, including guidance on data protection and encryption. The information provided in Tenable dashboards and reports enables Risk Managers and Chief Privacy Officers to demonstrate to third parties and regulatory bodies that sensitive data is protected in accordance with Data Loss Prevention requirements.

The NIST Cybersecurity Framework (CSF) is a control framework, which has high level controls that align with
ISO 27001, NIST SP 800-53, and others. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. Many regulating bodies accept evidence documentation of compliance with the NIST CSF as assurance that the organization has effective controls in place to meet their security requirements. The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework is an example of a regulation aligning with NIST.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report is located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments.

The report requirements are:

Tenable.sc 5.9.0
Nessus 10.2.0

Leveraging Tenable reports enables operations teams to verify that appropriate protections are in place for data at rest, data in transit, and removable media. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives.

Chapters

Executive Summary: This chapter provides a summary view on the state of protections controls relating to Certificates, Encryption, and Confidentiality and Protected Information.

Data Protection Details – This chapter provides details on the state of protection controls in the environment for Certificates, Encryption, and Confidentiality and Protected Information, which are described below.

• Certificates – This section displays findings for hosts with expired certificates, certificates that are expiring soon, untrusted certificates and self-signed certificates.  Expired certificates and other certificate problems cause a denial of service, man-in-the-middle, and trust-related concerns for organizations.  
• SSL/TLS Vulnerability Summary – This section provides an overview of systems and vulnerabilities related to SSL/TLS.  The SSL/TLS Vulnerabilities by Type element displays a count of systems and vulnerabilities related to SSLv2 and SSLv3 in the first two rows. From the third row down, information is provided on all the systems running any version of TLSv1 and higher.
• Encryption – This section provides an overview of systems and vulnerabilities related to SSL/TLS and Encryption/Cryptographic Compliance. Information presented in this section highlights issues such as weak hashing algorithms and keys as well as the use of insecure encryption ciphers. Many of these issues are the result of misconfigurations or use of outdated encryption methods. This detailed information also highlights vulnerabilities that can be exploited by attackers. Tenable recommends that security teams review the data to determine the risk to the organization.
• Confidentiality of Protected Information – This section provides an overview of systems and vulnerabilities related to Security Requirement 3.13.16 in the NIST Special Publication 800-171. Revision 2 provides guidance to protect the confidentiality of Controlled Unclassified Information (CUI) at rest and maps to Security Control SC-28 of NIST Special Publication 800-53.  
• File Content Audit Results – The following section displays File Content Audit Results. The first two rows of the File Contents Audit Results Compliance Checks provide the total count of Passed checks, Failed checks, and checks requiring a manual review. The first row, ‘Check Count’, provides a count of the current checks per check status. The second row, ‘Check Ratio’, provides a ratio view of check status. The three columns together total 100%. The last two rows provide a system count analysis. The third row, ‘System Count’, provides the number of systems with at least one audit check in the applicable state. The last row, ‘System Ratio’, provides a percentage of systems with at least one audit check in the applicable state.

Data has emerged as the most important driver for modern economic development. New industries have arisen from the use of data with personal information as the core asset, while many traditional models of business are ‘disrupted’ or drastically transformed. Artificial Intelligence (A.I.) has also become an integral tool for the management and processing of data, including personal data, as it provides greater accuracy and capability. How should the use of A.I. in data management be regulated and should it be treated any differently under the data protection regime? What role can A.I. play in regulating the use of personal data and as a cybersecurity tool? Is creating a form of propertisation of personal data and ‘data ownership’ useful? These are just some of the lingering questions that regulators and organisations are currently grappling with. Central to the issue is how A.I. can best serve and safeguard humanity’s interests. Warren Chik is Associate Professor of Law at SMU School of Law, and concurrently Deputy Director at SMU’s Centre for AI and Data Governance. In this podcast, he shares his recent research into Artificial Intelligence and Data Protection in Singapore, which takes a deeper look into consumers’ trust, organisational security and government regulation.

[Daily Trust] The federal government has stressed the importance of robust personal data protection to prevent cybercrimes and foster trust.

Dutch data protection authority fines TikTok €750,000 over privacy flaw

Ireland fines WhatsApp €225m for breaking EU data protection rules

A new data bill from the U.K. Department for Science, Innovation and Technology (DSIT) aims to revive several measures that failed to pass under the prior government, while rowing back on some controversial post-Brexit reforms proposed by conservative ministers. The government reckons the “Data (Use and Access) Bill” (DUA) stands to boost the U.K. economy […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Recent years have seen an outburst of interest in artificial intelligence. Technologies based on AI have attracted investors all over the world on an unprecedented scale. More and more smart services are becoming a reality. For example, Staples is u...

The ICO has announced its first use of its recent power to issue fines or monetary penalties for serious breaches of the data protection legislation. The power became effective in April 2010 (see Full Article