Tech giants subverting US version of Europe’s GDPR
Tech giants have said they’d support a federal data regulation across the US, under the condition that it comes into force before the Californian Consumer Privacy Act, but is this just an attempt to avoid European-style privacy laws?
On Wednesday, during a hearing before the Senate Committee on Commerce, Science and Transportation, a number of tech companies, including Google, Amazon, Apple and Twitter, supported an alternative federal privacy law. To many, this is a blatant attempt to avoid GDPR-style data protection laws.
>See also: Big tech firms want to “clean-up” the California Consumer Privacy Act …
Matt Lock, Director of Sales Engineers at Varonis, said: “It’s the GDPR effect – consumers are wising up to how big tech companies buy and sell their data and are demanding change. Tech leaders are afraid that consumer privacy laws similar to the GDPR will gain popularity among U.S. states and upend their business model, which often involves treating a person’s data as a commodity to be bought and sold in exchange for a free service.”
“When an industry bands together to help steer the discussion in their favour it’s because they fear strict laws down the road. California may be the first state to adopt GDPR-like laws, but it will not be the last.”
>See also: The California Consumer Privacy Act and the EU’s Privacy Regulation
Insiders cause 73% of data breaches in the UK
Cyber security is big business, as it gets ever more complex, companies tend to spend more preventing it. However, new research from Netwrix, the data security firm, suggests spending is in vain if organisations don’t understand where their biggest pressure points are.
While 50% of UK respondents consider hackers to be the most dangerous threat actors in terms of data breaches, Netwrix found that in reality it’s insiders that cause security incidents in 73% of cases.
>See also: Insider threat: most security incidents come from the extended enterprise
According to the survey that polled 1,558 global respondents, a fifth of UK organisations don’t know where sensitive data is located and how employees deal with it.
Matt-Middleton Leal, EMEA General Manager at Netwrix, said: “Even though GDPR has become a catalyst for UK companies to revise their security strategies, the majority of them still lack the support of their leadership teams to invest in building a holistic approach to cyber security. To improve the situation, the companies need three key points.”
>See also: How to manage and mitigate insider threats?
“The first is to follow one of the security best practice frameworks to ensure all controls are addressed. The second is to obtain visibility into their IT infrastructure and their sensitive data to ensure the right decisions and investments are being made.”
“The third, companies need to ensure their incident response plans are robust, this includes having access to user behaviour records, to replay incidents and ensure an accurate and fast remediation actions. This will help them improve their security posture and remain compliant with multiple compliance mandates not just GDPR.”
Uber pays $148m (£113m) to settle legal action over data breach
Ride-hailing firm Uber is paying $148m to settle legal action over a major data breach in 2016 which Uber initially tried to hide from regulators.
Uber has already paid the hackers behind the breach, which exposed data from 57 million customer and drivers, a $100,000 to delete the data they snatched from Uber’s cloud servers.
Uber’s $148m payment settles action brought by the US government and 50 states over Uber’s failure to disclose details of the data loss. Legal action brought by drivers, customers and the cities of Los Angeles and Chicago over the breach is still ongoing.
>See also: The dark side of Uber’s amazing customer experience
Tony West, Chief Legal Officer of uber, in a blog post, Turning the Page on the 2016 Data Breach, claimed that the settlement was in line with their focus on both physical and digital safety for our customers, which the company recently announced.
West added: “Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability. An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward.”
“We know that earning the trust of our customers and the regulators we work with globally is no easy feat. After all, trust is hard to gain and easy to lose. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”