iTnews

ISF criticises 'privacy puzzle' over data

By SC Australia Staff on Mar 24, 2010 12:45PM

Conflicting standards lead to confusion.

An absence of uniform global legislation, regulations and data privacy standards is leaving a ‘privacy puzzle' for organisations.

The view of the Information Security Forum (ISF) is that organisations are faced with protecting the confidentiality, integrity and availability of personal customer and employee information, but the range of issues affecting them is leaving them confused.

Simone Seth, a senior ISF research consultant and author of the ISF's Solving the Data Privacy Puzzle report, said: “While the changing regulatory climate has placed an increased focus on data privacy, compliance requirements can differ based on geography and industry sector.

“Some countries enact regulation at a federal or state level, while other regulations such as the UK Data Protection Act are based on legal requirements. In other cases, such as the PCI DSS for payment card protection, compliance is based on industry standards; and the problems are further compounded by the increase in third-party relationships and new cloud-based computing.”

It further claimed that security controls are often seen as the solution to privacy compliance obligations, potentially leaving organisations vulnerable to process and business related risks.

Furthermore, blurred boundaries between the organisational functions of information security, compliance and privacy - where these exist separately - can make it more difficult to manage risk across the enterprise.

Despite these anomalies and challenges, the ISF said that almost all data privacy compliance obligations, irrespective of jurisdiction or industry sector, are based on fundamental principles regarding the protection of personal information.

Seth said: “The challenge to address the multiple elements of privacy compliance remains an urgent priority. Failure to comply with obligations may lead to fines, penalties, reputational damage and loss of customer confidence.”

Speaking on PCI DSS compliance last week, Amichai Shulman, CTO of Imperva, said that one of the problems is that deadlines for compliance are set by credit card companies and are not always consistent.

He said: “There are some for small businesses and big companies, it is a moving target but they would have to get there.”

He also commented that there is a budget barrier and auditors are looking at costs that are unrealistic for some businesses.

See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
a among and baffled confusion in leaves organisations privacy puzzle regulations security standards

Partner Content

How Australian governments can accelerate their cloud-first IT strategies
Promoted Content How Australian governments can accelerate their cloud-first IT strategies
Business email: the ultimate playground for cybercriminals
Promoted Content Business email: the ultimate playground for cybercriminals
Kick the tyres of AI systems using real world data at #BuildWithAI Hack 2021
Promoted Content Kick the tyres of AI systems using real world data at #BuildWithAI Hack 2021
NDR comes of age as frontline security application
Promoted Content NDR comes of age as frontline security application

Sponsored Whitepapers

The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
How engineering has been operating in the dark and what to do about it
How engineering has been operating in the dark and what to do about it
The Top Six Digital Transformation Trends Shaping Business and Society
The Top Six Digital Transformation Trends Shaping Business and Society

Events

  • SAP e'ffect 2021
  • #DevDay
By SC Australia Staff
Mar 24 2010
12:45PM
0 Comments

Related Articles

  • Geolocation threats rise following demonstration of router hacking that can pinpoint a person's home
  • Company directors could be held accountable for cyber security failures
  • More than 20,000 US organisations compromised through Microsoft email flaw
  • Israel reportedly slashes list of countries that can buy cyber tech
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NSW bans police from accessing QR code check-in data

NSW bans police from accessing QR code check-in data
Macquarie Bank shoots for eight technology 'north stars' for 2025

Macquarie Bank shoots for eight technology 'north stars' for 2025
Insurers run from ransomware cover as losses mount

Insurers run from ransomware cover as losses mount
South32 to pursue new IT operating model

South32 to pursue new IT operating model

Digital Nation

Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
COVER STORY: Automation drives marketing success but complexity torments delivery
COVER STORY: Automation drives marketing success but complexity torments delivery
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.