At a glance.
- When it’s ok (and not ok) to reuse personal data.
- US Chamber of Commerce urges FTC to delay reporting rules.
- US DoD opens PMO to support zero trust implementation.
When it’s ok (and not ok) to reuse personal data.
Cooley breaks down the guidelines issued last month by the French Data Protection Authority (CNIL) regarding when and how it’s acceptable for processors to reuse personal data for their own purposes. Very specific conditions must be met for this to be permissible, and the burden is on the controller to conduct a case-by-case test to determine whether the reuse is compatible with the data’s original purpose, and also to obtain written authorization and inform the data subjects. Noncompliance by the processor can be considered a violation of the General Data Protection Regulation, so appropriate wording in the data processing agreement is essential to mitigate risk.
US Chamber of Commerce urges FTC to delay reporting rules.
The US Federal Trade Commission (FTC) has proposed cyberincident reporting requirements for the financial sector, but, as Inside Cybersecurity reports, the Chamber of Commerce is asking the agency to hold off on implementing them. “The FTC should forgo moving forward on the security event rulemaking unless it can articulate a reasonable plan to harmonize the myriad regulations that affect industry at the state, federal, and international levels vis-à-vis the Safeguards Rule, among many other requirements,” a comment from the Chamber reads. Meanwhile, key industry groups have asked the FTC to pause the implementation of the requirements to make sure the new rules avoid redundancy. In a joint comment, the Bank Policy Institute and Securities Industry and Financial Markets Association stated, “While we recognize that a properly tailored notification requirement can have benefits, reporting obligations should apply only to situations where such notice is not redundant to existing notification requirements and only to those institutions for which the Commission is the principal financial regulator.”
US DoD opens PMO to support zero trust implementation.
Federal agencies acknowledge that zero trust policies – instilling a “never trust, always verify” approach requiring device authentication regardless of location – are an essential method of securing their systems against attack. In order to support its agencies and commands in implementing zero trust, the US Department of Defense (DoD) has opened a new portfolio management office (PMO), and Army Technology talks with Mark Sincevich, federal director of cloud computing security company Illumio, about the importance of this strategy. “One of the reasons this office was created is similar to why the US Office of Director of National Intelligence was created in some respects, to oversee all the 16 other US intelligence agencies and offer continuity,” Sincevich explains. “When the DoD creates a PMO, that means it has funding attached to it and to have an understanding of what’s going on.”