Risk Roundup for September and October 2018
Our final Risk Roundup of 2018 checks in with GDPR at 100 days, braces for a devastating hurricane in Florida, and goes online for Google’s data breach before wrapping up with Yahoo’s $50 million-plus class action lawsuit for its data breach.
GDPR 100 days later
In early September, GDPR, the European Union regulation on data protection and privacy, crossed the 100-day mark. This video interview shows GDPR has made an impact, but UK businesses are just now starting to embed processes for managing GDPR requirements. Overall, there has been a shift from keeping data to discarding it more urgently. Whether it’s GDPR, California’s Consumer Privacy Act of 2018, or data privacy bills under review in state houses, how your company protects people’s privacy is growing in importance.
On October 10, Hurricane Michael hit the Florida Panhandle near Mexico Beach as a Category 4 hurricane, leaving devastation in its wake. The hurricane was the strongest storm ever recorded in the Florida Panhandle, and local regulations do not require buildings to withstand hurricane-force winds. The lesson here is to be prepared for anything. It’s a good time to review and update your company’s business continuity and disaster recovery plan.
Google data breach
The Wall Street Journal reported a software glitch at Google that gave outside developers potential access to private Google+ profile data for three years. What made the breach noteworthy was the appearance that Google failed to provide breach notification for fear of triggering regulatory interest. Time will tell what fallout comes from this tech giant’s data breach and its initial disregard for breach notification rules, which are a key aspect of managing data privacy risk.
Yahoo’s $50 million-plus class action settlement for data breach
Based on a proposed agreement that would settle a class action suit, Yahoo will pay out millions of dollars to Yahoo users whose identity was compromised between 2012 and 2016. Legal fees will add millions more to the bill. While most organizations are rightfully concerned about customer trust and company reputation, this agreement is a helpful reminder of the financial ramifications of a data breach.
That’s it for our November edition of Risk Roundup. We’ll be back in January with a roundup of notable risks from November and December.