GDPR and the generation of best practices in data protection

Countries around the world adapt their laws to current demands for data protection

The European Union’s General Data Protection Regulation (GDPR), which took effect last May, has renewed organizations' interest in spending on cybersecurity. Specialists in ethical hacking foresee that the GDPR will influence the budgetary decisions of 65% of organizations through the end of 2018. They also believe that its impact has reached a global scale.

New legislation in the United States

For example, the United States is discussing new legislation modeled on GDPR. The California Consumer Privacy Act, drafted this year, provides Californians with rights similar to those established for residents of the European Community, such as the Data Access Subject Request (DASR). By the year 2020, organizations that control or process personal data from US citizens shall provide any information requested by their clients or employees through a request. Like GDPR, California law will not necessarily require the presence of the data subject in the territory.

The Colorado Congress, on the other hand, is discussing the passage of a law that would force organizations to implement and maintain “reasonable data security procedures”, in addition to “protecting personal information” of Colorado residents. The bill also seeks to broaden the definition of “personal information” and proposes changes to the established periods for reporting data theft and other security breaches.

At the national level, the Consumer Privacy Act gives organizations a 30-day period to report security breaches after they occur. For its part, GDPR gives organizations only 72 hours to report the incident.

Data protection in the United Kingdom

The United Kingdom Information Commissioner's Office (ICO) has pointed out that data protection and consumer privacy are today among the main topics of discussion among British citizens. According to specialists in ethical hacking and data protection, UK legislators have drafted a new data protection law to keep up with GDPR after Brexit.

Data privacy in Australia

The Australian Privacy Act, like GDPR, focuses on consistent privacy regulation throughout its territory. This law seeks to facilitate the free flow of information out of Australian territory and ensures compliance with the privacy of the individual. These goals follow from Australia’s privacy principles, the first of which forces organizations to manage personal data in a transparent manner, thereby demonstrating compliance with all Australian legislation.

Federal data protection in Mexico

The Federal Data Protection Law Held by Private Parties is almost identical to its counterpart in the European Union. Experts on the subject commented that “Mexico, like the EU, lives a decisive moment in terms of data protection, accountability is the key to good governance, and organizations that work with personal data in Mexico share this ideal”. Mexico now demands proactive compliance with privacy laws from organizations, in addition to the adoption and implementation of data protection measures.

Accountability, consent and reporting

GDPR is changing the way we do business around the world. Its main goal is to provide a unified framework for protecting the privacy of data from EU residents, which has led other countries to adopt similar measures. Experts in ethical hacking of the International Institute of Cyber Security believe that replicating this legislation can be beneficial for data protection and privacy.