Regulations Create Pressure to Take Privacy More Seriously
Expert Analysis of Evolving Laws Worldwide and How to Comply
Companies that want to continue doing business globally will need to take privacy much more seriously, especially in light of increasingly strict new laws - from the California Consumer Privacy Act to the EU's General Data Protection Regulation - says security and privacy expert Michelle Robles.
"Every single [U.S.] state has passed breach notification laws," she notes. In addition to California recently enacting the country's most stringent privacy law that goes into effect in 2020, some other states, including Colorado and Louisiana, have amended their breach notification laws "to include some provisions around privacy," says Robles of the consultancy Dimension Data Americas.
"So we're starting to see that paramount change out there," she says in an interview with Information Security Media Group. "We're starting to see countries such as Brazil, Australia ... and a lot of countries in the Asia Pacific rim passing very stringent privacy laws right now, very similar to GDPR."
As a result, she says, "being a global society, I don't think we'll be able to get away from privacy. Doing business globally, we're not going to have an option."
Assessing Security Controls
And as businesses around the world need to comply with the array of rigorous local and national privacy regulations, they'll also need to raise the bar on their security practices to effectively protect that data, she adds.
"What organizations need to do is start looking at all their security controls," she says. All entities should consider adopting a robust security framework, such as those from the National Institute of Standards and Technology, the International Organization for Standardization, ISACA or another standards-based organization, she stresses.
"Having a solid security framework goes a long way."
In the interview, Robles also discusses:
- Steps entities should take to prepare for compliance with the California Consumer Privacy Act;
- How organizations are changing their privacy and security practices to comply with GDPR and the mistakes some are making;
- Other evolving privacy law trends.
Robles is a principal consultant for Dimension Data Americas. She has more than 20 years of experience in privacy, security, compliance and risk management.