BreachExchange mailing list archives
Cybersecurity, privacy not mutually exclusive, European data official says
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 5 May 2015 19:14:23 -0600
http://www.fiercegovernmentit.com/story/cybersecurity-privacy-not-mutually-exclusive-european-data-official-says/2015-05-04 Worldwide collaboration on cybersecurity is necessary to keep entities safe, but arguments over whether security and privacy are at odds are hampering the effort, an EU official said. In fact, better cybersecurity means better data processing, which leads to a higher degree of data protection, European Data Protection Supervisor Giovanni Buttarelli told the Cybersecurity and Privacy Innovation Forum 2015 in Brussels April 28 (pdf). "Work on cybersecurity can thus play a fundamental role in contributing to ensuring the protection of individuals' rights to privacy and data protection in online and networked environments," Buttarelli said. "With more and more personal data being processed through information systems and networks, cybersecurity must not become an excuse for disproportionate processing of personal data." An organization already exists to exemplify how the two issues interplay. The Budapest Convention on Cybercrime, established in 2001, is a "basis for cooperation in [the] fight against cybercrime based on respect for fundamental rights," he said. Forty-five countries, including the United States and Australia, have ratified it. Also, EDPS established the Internet Privacy Engineering Network last year to unite disciplines and developers from different areas to work together on implementing practical privacy. Additionally, EDPS published in March a five-year strategy on cybersecurity that reinforces the rights to privacy and data protection in cyberspace, he said. It has three main objectives: - To take data protection digital - To create global partnerships - To get the EU to "open a new chapter for data protection" To that last point, the EU may be nearing reform on data protection rules, including data security. The current Data Protection Directive has three elements to selecting technical and organizational measures, including the risk of processing, the state of technology and the cost. "One tool for reinforcing accountability is the introduction of a general data breach notification obligation, which will force controllers to take the necessary organizational and procedural measures," Buttarelli said. "The new rules will create a strong incentive to allocate responsibility for the prevention of such breaches at the appropriate level of the organization. Cybersecurity is a global issue, and threats can affect organizations worldwide simultaneously. That's why a holistic approach is important, he added. "Threats and vulnerabilities in one organization, if communicated properly to partners, can be dealt with quickly and thoroughly, thereby ensuring the protection of all systems and all data processed on those systems," he said. "Collective risk requires collective responsibility." Looking ahead, Buttarelli said cybersecurity challenges are growing. He expects to see more politically motivated attacks that seek to disrupt industrial control systems and more widespread and sophisticated cyber attacks. At the same time, though, security will improve, more events will be reported and more vulnerabilities discovered, he added.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Cybersecurity, privacy not mutually exclusive, European data official says Audrey McNeil (May 13)