ICO urges data protection
A report urging organisations to put a value on personal information and invest in privacy protection was released by the Information Commissioner's Office this week.

A report urging organisations to put a value on personal information and invest in privacy protection was released by the Information Commissioner's Office this week.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Information Commissioner Christopher Graham said that not only is it the law to protect people's privacy, but there is also a business imperative.
Privacy protection should be hard-wired into organisational culture and governance, he said.
But the document has been criticised for not addressing the belief that data breaches only happen to other people.
Chris McIntosh, CEO of encryption company Stonewood, said: "The risks to security, reputation and the well-being of employees and customers that can be caused by data loss have been well documented but more discussion is needed to convince organisations that not only can this happen to them, it more than likely will."
The report offers guidance on steps to assess the costs and benefits of a privacy protection scheme, creating business cases for implementing a new system or change an existing one, and assessing the value of personal information and putting figures to the business case.
But McIntosh said: "While this report will be a useful tool to those seeking to convince their organisation to secure data, it does not address the crucial issue of organisations trusting to luck."
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments