digital economy is built on data—massive streams of data being created, collected, combined
and shared—for which traditional governance frameworks and risk-mitigation strategies are
insufficient.
It’s a game of catching up! The explosion of data in recent years has spurred policy debates and
yielded new and often overlapping regulations aimed at protecting consumer data and privacy.
Threat Landscape - a shift away from the use of complex malicious software and
infrastructures and towards low-profile social engineering attacks, according to the
European Union Agency for Cybersecurity (ENISA).
In the past, the scope for digital risk was limited to cybersecurity threats but leading
organizations must now also recognize risks from lackluster ethical data practices.
Business Model - Businesses will need to bridge the gap in security knowledge between the
operated services and the end users of the service. The consumption of cyber threat
intelligence (CTI) knowledge is a major step towards achieving this goal.
Regulatory Environment – regulators are trying to catch up, as data management and
compliance appear to be a moving target.
Culture change
Mabna Hackers allegedly stole more than 31TB of data from over 140 US universities, 30
US companies and five government agencies, alongside more than 176 universities in 21
other countries.
The cost of global data breaches to victim organizations will rise to over $5 trillion by 2024 as
regulatory fines take hold and firms become more dependent on digital systems, according to new
predictions from Juniper Research.
Around the world, data privacy and security regulators are becoming more active and tougher on
businesses with poor data protection practices.
Regulators are dedicating more resources to the enforcement task and we are expecting higher
penalties to be issued for non-compliance moving forward.
Regulators are also starting to collaborate with their counterparts across borders in order to align
themselves and support each other.
1. Insufficient data security and data breach notification requirements (which are increasingly
being made mandatory) will be the number one priority for regulators in all regions, as most
recently evidenced by the UK ICO's first GDPR enforcement actions. Insufficient data
security or inadequate data incident response ranks amongst the three most common
compliance mistakes committed by businesses across jurisdictions, indicating that many
businesses would be wise to focus their efforts on data security and incident response
practices.
2. Online consent - Businesses of all sizes relying on data subject consent as a processing
ground would be wise to ensure they are transparent about their data practices vis-à-vis
the data subjects and enable data subjects to be in control of their data. This is a challenging
task given the requirement to make privacy notices clear and concise but at the same time
complete and comprehensive.
4. Cookies and other online tracking technologies are an important analytics tool for many
businesses. Cookie walls which block users from accessing a website or app unless the
user consents to the placing of tracking technology risk a finding that consent is not
voluntary.
5. They should be reviewed and adapted to ensure users are given a genuine choice
between accepting or rejecting any tracking. Regulators' views are currently not consistent
as to when such choice is given, so this is an area to watch for more guidance.
6. Data residency requirements - Obligations to store certain personal data within the
jurisdiction are particularly prominent in Asia (e.g., China, Vietnam, India
and Indonesia) and are a particular challenge for businesses that largely operate online
and do not typically set up technology infrastructure in each jurisdiction where they offer
their products or services.
8. Cross-border compliance