It's Data Privacy Week 2023! The purpose of this annual campaign by the National Cybersecurity Alliance (NCSA) is twofold: (1) to educate consumers on how to best protect their personal information and (2) to nudge businesses into adopting best practices for data privacy and data protection.
We at TechBeacon want to do our part. Data privacy is an important part of our coverage, and we anticipate it becoming more important as data-privacy awareness increases and new data-privacy laws proliferate and go into effect.
So to help you along your own data-privacy education, here we're highlighting four of our most recent and best articles on compliance with data-privacy laws.
And if Data Privacy Week 2023 (January 22–28) is over, keep reading anyway. After all, every week should be Data Privacy Week—for individuals and organizations alike.
1. Make Your Product Compliant with Privacy Laws: A New Framework
Lawyers have a certain degree of comfort with data-privacy laws; engineers are less likely to, particularly given how many data-privacy laws there are. At some point, the IT administrators, systems engineers, software developers, cybersecurity specialists, and other technical staffers will have to be able to do their jobs in a compliant manner without having an attorney looking over their shoulder.
In this article, product security and privacy architect Shlomi Ben-Hur lays out a novel framework for complying with privacy requirements from a collection of laws, regulations, and standards—translating the legalese into techspeak. The result is 90 technical requirements graded on a five-point scale for compliance maturity—with a particularized focus on the California Consumer Privacy Act (CCPA) and the EU's General Data Protection Regulation (GDPR).
2. What You Need to Know about KVKK Data-Privacy Requirements
There's more to European privacy laws than GDPR. In Turkey, the Kişisel Verileri Koruma Kurumu (KVKK, the "Personal Data Protection Authority") is in charge of enforcing the nation's Law on Protection of Personal Data No. 6698, Turkey's first legislation specifically addressing personal-data protection. The law came into being in 2016, predating GDPR; as such, it was modeled on GDPR's predecessor, Directive 95/46/EC.
In this evergreen article on Turkish data-privacy compliance, data-security evangelist Cumhur Keles provides insights into registration considerations and privacy-related duties for those handling Turkish citizens' data.
3. Organizations Unprepared for CPRA, Survey Finds
In November 2020, California voters approved the California Privacy Rights Act (CPRA), a collection of updates and amendments to California's GDPR analog, the CCPA. Most of the CPRA's provisions became operative on January 1, 2023, apply to personal information collected from January 1, 2022 onward, and became enforceable on July 1, 2023. Writer Dustin Lowman took the opportunity to give TechBeacon readers (1) a view of some of the CPRA's updates and changes and (2) a sense of their practical effect on business.
In this article, Lowman takes a look at the maturity of organizations' data-privacy programs, citing findings and recommendations from a report on CPRA compliance by Osterman Research and Micro Focus.
4. GDPR vs. PIPL: 4 Differences
Speaking of GDPR analogs, on November 1, 2021, China's own analog to GDPR, the Personal Information Protection Law (PIPL), went into effect.
But how similar is PIPL to GDPR? Well, the gist is much the same ("GDPR analog" should have spelled that out for you), in particular the breadth of coverage and the long-arm jurisdiction. But there are some quirks differentiating the two. These differences are too numerous to cover in a standard TechBeacon article, so this article focuses on four notable distinctions that respectively involve:
(1) The treatment and categorization of sensitive information
(2) The treatment and categorization of the personal information of minors
(3) Differing regulatory-oversight standards over risk assessments
(4) The severity of penalties for violators
Also, I hear the author of the article is a talented writer and very handsome and possibly underpaid and not at all biased or vain, so it's worth a look on that basis alone.