BreachExchange mailing list archives

Cybersecurity, privacy not mutually exclusive, European data official says


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 5 May 2015 19:14:23 -0600

http://www.fiercegovernmentit.com/story/cybersecurity-privacy-not-mutually-exclusive-european-data-official-says/2015-05-04

Worldwide collaboration on cybersecurity is necessary to keep entities
safe, but arguments over whether security and privacy are at odds are
hampering the effort, an EU official said.

In fact, better cybersecurity means better data processing, which leads to
a higher degree of data protection, European Data Protection Supervisor
Giovanni Buttarelli told the Cybersecurity and Privacy Innovation Forum
2015 in Brussels April 28.

"Work on cybersecurity can thus play a fundamental role in contributing to
ensuring the protection of individuals' rights to privacy and data
protection in online and networked environments," Buttarelli said. "With
more and more personal data being processed through information systems and
networks, cybersecurity must not become an excuse for disproportionate
processing of personal data."

An organization already exists to exemplify how the two issues interplay.
The Budapest Convention on Cybercrime, established in 2001, is a "basis for
cooperation in [the] fight against cybercrime based on respect for
fundamental rights," he said. Forty-five countries, including the United
States and Australia, have ratified it.

Also, EDPS established the Internet Privacy Engineering Network last year
to unite disciplines and developers from different areas to work together
on implementing practical privacy.

Additionally, EDPS published in March a five-year strategy on cybersecurity
that reinforces the rights to privacy and data protection in cyberspace, he
said. It has three main objectives:

- To take data protection digital
- To create global partnerships
- To get the EU to "open a new chapter for data protection"

To that last point, the EU may be nearing reform on data protection rules,
including data security. The current Data Protection Directive has three
elements to selecting technical and organizational measures, including the
risk of processing, the state of technology and the cost.

"One tool for reinforcing accountability is the introduction of a general
data breach notification obligation, which will force controllers to take
the necessary organizational and procedural measures," Buttarelli said.
"The new rules will create a strong incentive to allocate responsibility
for the prevention of such breaches at the appropriate level of the
organization."

Cybersecurity is a global issue, and threats can affect organizations
worldwide simultaneously. That's why a holistic approach is important, he
added.

"Threats and vulnerabilities in one organization, if communicated properly
to partners, can be dealt with quickly and thoroughly, thereby ensuring the
protection of all systems and all data processed on those systems," he
said. "Collective risk requires collective responsibility."

Looking ahead, Buttarelli said cybersecurity challenges are growing. He
expects to see more politically motivated attacks that seek to disrupt
industrial control systems and more widespread and sophisticated cyber
attacks. At the same time, though, security will improve, more events will
be reported and more vulnerabilities discovered, he added.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 