Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.
Organizations that must comply with Europe's GDPR need to identify gaps in their ability to meet various requirements, including making prompt breach notifications and gaining consumers' consent to store their data, says Sunil Chand of Grant Thornton.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
With less than a year to go before enforcement of the EU's General Data Protection Regulation, or GDPR, which applies to any organization that handles Europeans' data, many larger organizations affected in India have yet to make much headway in appointing a data protection officer as required by the law.
Srinivas Poosarla, Infosys's data privacy chief, discusses the impact of the European Union's General Data Protection Regulation, or GDPR, on Indian companies and the steps that security practitioners need to take to comply.
"Fake news" isn't just a political concept. It's also a component of the marketing hype about Europe's General Data Protection Regulation, says Jonathan Armstrong of the law firm Cordery. How can security leaders cut through the hype and focus on what's truly important to their business?
The European Parliament and European Commission are pushing for mandatory end-to-end encrypted communications, and banning backdoors, as part of the EU's rebooted e-privacy regulation. But the move runs counter to anti-crypto rhetoric being spouted by government ministers in Britain and France.
GDPR is in effect, and in one year, regulators will start to assess penalties against enterprises not in conformance with the regulation. How prepared are entities? Will it take a high-profile penalty to get the world's attention? Michael Hack of Ipswitch weighs in.
The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend could help improve the security of the government's information networks. "It will keep our digital infrastructure safe from cyberattacks while saving billions of dollars," says bill sponsor Rep. Will Hurd.