‘Wildly Different’ Privacy Regulations Causing Compliance Chaos

Threatpost talks to Anthony di Bello with OpenText, at ENFUSE 2019, about the successes and failures of security regulations, and how companies are changing as they struggle to keep up with compliance issues.

From the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA), the security landscape is becoming increasingly fraught with regulatory efforts. While privacy regulation has positive implications for data security, companies are finding themselves struggling to stay compliant with the broad scope of regulations – and it’s causing security, legal and risk management teams to increasingly collaborate.

Discussion

  • Frank Dawson on

    The title of this article is all about Privacy Regulations, but the words in the article talk about "security". Privacy is not just about securing personal data. This myopic view that if you protect personal data you have privacy solved continues to be made by some security-focused entities and interests. The Confidentiality, Integrity and Availability are important security and privacy goals, but there are others that differentiate privacy engineering from security engineering. These include Legal & Fair, Accountability, Transparency, Data Minimization, Limited Disclosure, Unlinkability, Intervenability. If you just think Privacy = Security, then you have an incomplete equation. Security is about controlling the access, tampering and disclosure to information assets, only some of which will be personal data. Personal Data is that data that can directly or indirectly identify a natural individual or person. Security includes information assets that are not personal data that are intended to be controlled by a company or legal entity, not a natural individual. Privacy is the right of an individual to control the collection, processing and sharing of their personal data such that there is no hidden, unwanted, uncontrolled, excessive, unsecure collection, processing or sharing of an individual’s personal data.
  • Michael P. O'Hara on

    Fortunately there are solutions available to rein in the ever-increasing number of privacy/compliance requirements. UCF (Unified Compliance Framework) does a very nice job of consolidating the mishmash of controls. Put simply - you check the box on, say, password complexity for PCI - and that exact/very close match on other requirements is too. Vendors have already jumped into this market - though you can grab the UCF here [external link removed]
  • Stuart Hargreaves on

    There is no such word 'compliancy'; please use 'compliance'.
