iTnews

ISF criticises 'privacy puzzle' over data

By SC Australia Staff on Mar 24, 2010 12:45PM

Conflicting standards lead to confusion.

An absence of uniform global legislation, regulations and data privacy standards is leaving a 'privacy puzzle' for organisations.

The view of the Information Security Forum (ISF) is that organisations are faced with protecting the confidentiality, integrity and availability of personal customer and employee information, but the range of issues affecting them is leaving them confused.

Simone Seth, a senior ISF research consultant and author of the ISF's Solving the Data Privacy Puzzle report, said: “While the changing regulatory climate has placed an increased focus on data privacy, compliance requirements can differ based on geography and industry sector.

“Some countries enact regulation at a federal or state level, while other regulations such as the UK Data Protection Act are based on legal requirements. In other cases, such as the PCI DSS for payment card protection, compliance is based on industry standards; and the problems are further compounded by the increase in third-party relationships and new cloud-based computing.”

The ISF further claimed that security controls are often seen as the solution to privacy compliance obligations, potentially leaving organisations vulnerable to process and business related risks.

Furthermore, blurred boundaries between the organisational functions of information security, compliance and privacy - where these exist separately - can make it more difficult to manage risk across the enterprise.

Despite these anomalies and challenges, the ISF said that almost all data privacy compliance obligations, irrespective of jurisdiction or industry sector, are based on fundamental principles regarding the protection of personal information.

Seth said: “The challenge to address the multiple elements of privacy compliance remains an urgent priority. Failure to comply with obligations may lead to fines, penalties, reputational damage and loss of customer confidence.”

Speaking on PCI DSS compliance last week, Amichai Shulman, CTO of Imperva, said that one of the problems is that deadlines for compliance are set by credit card companies and are not always consistent.

He said: “There are some for small businesses and big companies, it is a moving target but they would have to get there.”

He also commented that there is a budget barrier and auditors are looking at costs that are unrealistic for some businesses.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition