Proposed new rules, including a "right to be forgotten" clause, could create compliance mess for multinational businesses.
The European Commission has unveiled a proposal to strengthen data privacy laws, putting forward what could be another layer of compliance concerns for multinational businesses.
The new rules include a "right to be forgotten" for the public, where they can demand their data be deleted if there is no "legitimate grounds" for it to be kept. Businesses would also be required to notify the public of data breaches within 24 hours "if feasible." The rules have a long way to go before they become law, and may be modified during what is expected to be at least a two-year legislative process.
Still, the debate about the new rules--which also mandate companies with 250 or more employees would have to appoint a data protection officer--underscores the challenges corporations face when juggling both their interests and the various laws that apply around the globe.
"The commission's proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information," argued Thomas Boue, director of European affairs for the Business Software Alliance. "The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth."
Reducing complexity is one of the main drivers behind the proposed changes. According to the commission, a single set of rules would encourage a more consistent application of the law across the European Union (EU) and give businesses clear rules on how to treat private information. Tracking the various data privacy laws from country to country can be difficult, said Matthew Norris, e-risk and privacy expert at small business insurance specialist Hiscox.
Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.
As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Published: 2014-10-23 Untrusted search path vulnerability in Hamster Free ZIP Archiver 22.214.171.124 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
Published: 2014-10-23 Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Published: 2014-10-23 Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
Published: 2014-10-23 Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.
Published: 2014-10-23 Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...