May you live in interesting times: Data Privacy Day 2017

Lynn Wangerin

By LYNN WANGERIN
Stoll Keenon Ogden PLLC

“May you live in interesting times” is purported to be a Chinese curse. Certainly, today’s world of data privacy and protection likely will continue to include “interesting” times.

In observance of Data Privacy Day (January 28, 2017), here are some changes, trends and issues that have arisen or continued since Data Privacy Day 2016.

In January the National Institute of Standards and Technology released updates to the Cybersecurity Framework to address managing cyber supply chain risks. Since its origination in February 2014, the Framework has become recognized as a standard for cybersecurity preparedness. Adopting and following its principles are predicted to save companies millions.
U.S. companies and government agencies suffered a record 1,093 data breaches last year — a 40% increase from 2015, according to the Identity Theft Resource Center. Not included in these numbers are incidents that have yet to bediscovered or were not reported. Among the most publicized incidents are hacks of the Democratic National Committee, Yahoo and Wendy’s.
The Cybersecurity Assurance Report Card for 2016, based on a survey by Tenable Network Security, assigns a C- grade to overall confidence levels that the “world’s cyber defenses are meeting expectations,” with the Cloud earning a D- and mobile getting an F.
Blockchain technology will be ubiquitous. Through uses including Bitcoin, blockchain technology may change how business and finance are managed by enabling transactions to be tracked in visible, unchangeable time-stamped blocks.
IoT, the Internet of Things, is touching more of our lives, but maintaining security for things that connect to — and can be operated through — the Internet remains a concern. How protected are cars, medical devices and home appliances? The Federal Trade Commission has noticed and has filed a complaint against a computer networking equipment manufacturer alleging failure to take reasonable steps to secure routers and Internet-protocol cameras from “widely known and reasonably foreseeable risks to unauthorized access.”
Artificial intelligence (AI) technologies are expected to explode in 2017. AI is based on improvements in data collection and storage, allowing the creation of machines that use the data to “think.” The privacy aspect and hacking concerns relate to collecting and storing massive amounts of data.
In September 2016, the New York Department of Financial Services issued cybersecurity rules and revised rules in December 2016 for financial institutions. The rules set cybersecurity program, policy, training and reporting requirements that are more stringent than federal requirements. At some point, not meeting the rules could be determined as failure to meet industry standards. Other states may follow New York’s
The EU adopted new General Data Protection Regulations toreplace the “Safe Harbor” under which many multinational companies have managed data transfers out of the EU. The new law does recognize the use of Binding Corporate Rules to allow for transfers of personal information from EU to a country outside of the EU.