Gear-up for CyberSafety Compliance.

cloudcover
5 min read · Aug 15, 2019

The CyberSafety Registry is a risk scoring service providing a compliance impact score and governance risk evaluation to address the compliance requirements affecting the regulatory environment of data exposure relevant to business sectors and trade verticals by geography. That said, compliance is the new risk to business.

https://cloudcoverregistry.com/

Yesterday’s Privacy Regulation vs. Today’s GDPR Compliance

Academic experts who participated in the formulation of the GDPR agree that the law is the most consequential regulatory development in information policy and privacy in a generation. The GDPR brings personal data into a complex and protective regulatory regime. The ideas contained within the GDPR are not entirely European, nor new to the European Economic Area (EEA). Similar regulations, albeit in weaker and less prescriptive forms are found in U.S. privacy laws and in Federal Trade Commission settlements with companies. [1]

The mandatory mass adoption of the new privacy standards by international companies is an example of the “Brussels effect” phenomenon wherein European laws and regulations are used as a global baseline due to their gravitas.[2]

Research indicates that approximately 25% of [all] software vulnerabilities have GDPR implications.[3] For example, the GDPR’s Article 33 emphasizes the consequences of breaches, not bugs, and advises company security teams to invest in processes and capabilities to identify vulnerabilities, including coordinated vulnerability disclosure processes, before they can be exploited.[4][5]

Another example is GDPR Article 37 which requires appointment of a Data Protection Officer (DPO). If data processing is carried out by a public authority (except for courts or independent judicial authorities when acting in their judicial capacity), or if processing operations involve regular and systematic monitoring of data subjects on a large scale — the DPO is the person with expert knowledge of data protection law(s) and practices. Therefore, the DPO must be designated to assist the controller or processor in monitoring internal compliance under the GDPR. [10]

USA vs. International Laws

The U.S. State of California passed the California Consumer Privacy Act (CCPA) on June 28, 2018, taking effect January 1, 2020. The CCPA grants rights to transparency and control over the collection of personal information by companies in a manner similar to the GDPR. Advocates argue that such laws must be implemented at the federal level to be universally effective and to eliminate the confusion and complications that arise if similar laws are implemented on a state-by-state basis.[6][7][8]

Recently, U.S. Senators Deb Fischer and Mark Warner introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, on April 9, 2019, making it unlawful for U.S. technology companies with over 100 million monthly active users to use deceptive and ambiguous user interface patterns when seeking consent to collect personal information.[9]

CyberSafety-as-a-Score (CsaaS)

The CyberSafety Registry (CSR) is a compendium of data privacy and cybersecurity regulations matched to a global compliance directory of rules and recitals within a single database. It is a practical, extensive, searchable database incorporating the regulations and business rules from the EU/GDPR, U.S.A., and Canada’s data privacy security regulations. The CSR is of critical importance to all organizations who must comply with the above regulations to function in today’s online business services environment.

Compliance Impact Score (CIS) is a practical extension of the CSR compendium that distills the complex regulatory exposures affecting an individual organization into a meaningful, cross-correlated summary of regulatory compliance language, including a score. The Compliance Impact Score is the measured outcome that quantifies the combined risk of each regulation and its impact on business operations.

Governance Risk Score (GRS) is a resourceful cross-reference tool matched to 170+ governance risk questions and compliance rules that help the CISO/DPO manage their inherent responsibilities in the complex regulatory world of data security and privacy in a cloud service world. The outcome is an objective GRS score that qualifies and quantifies the governance risks of an individual organization attributable to non-compliance with the mandated regulatory requirements for business data protection operations and policies.

The combination of the CIS and GRS is the basis of the CyberSafety Score (CSS). CSS is a real-time, relevant and accurate cyber-safety comparative analysis of an organization’s risk attributed to data governance, cybersecurity and data privacy. The CSS is incrementally applied to demonstrate the level of compliance in cyber-risk protection afforded to data, software, hardware, including operations and policies in IT network environments. Ultimately, the CSS is a corporate measure of data compliance and is as important to a company as any other measure of a business’s corporate health.

About CloudCover

CloudCover is a software-defined cybersecurity risk aware, risk control organization with the goal of utilizing automated intelligent risk analytics to underwrite cybersecurity data insurance in sub-second. Since inception, CloudCover’s research and development expanded its product portfolio with AI-based machine learning, i.e., Automated Intelligence machine learning, including decentralized blockchain technology to revolutionize the insertion of the CyberSafety Platform that will disrupt traditional data privacy structures lacking sub-second cybersecurity.

“Our CyberSafety compliance scoring approach goes well beyond the rules-based compliance solutions and data base configurations of today. The CSR enables us to stake claim on the new compliance marketplace, making compliance scoring a risk metric within the next generation’s cyber-safety insurance markets.” The CSR constitutes yet another critical technology first, which sees data governance and compliance risk scoring as key practice information of its overall technology strategy to provide real time cybersecurity data insurance, on-demand.

For more information, please visit: https://cloudcover.cc or follow @TheCloudCover on Twitter.

1. Hoofnagle, Chris; van der Sloot, Bart; Borgesius, Frederik Zuiderveen (10 February 2019). “The European Union general data protection regulation: what it is and what it means”.

2. Roberts, Jeff John (25 May 2018). “The GDPR Is in Effect: Should U.S. Companies Be Afraid?”. Archived from the original on 28 May 2018. Retrieved 28 May 2018.

3. “What Percentage of Your Software Vulnerabilities Have GDPR Implications?” (PDF). HackerOne. 16 January 2018. Archived (PDF) from the original on 6 July 2018. Retrieved 6 July 2018.

4. “The Data Protection Officer (DPO): Everything You Need to Know”. Cranium and HackerOne. 20 March 2018. Archived from the original on 31 August 2018. Retrieved 6 July 2018.

5. “What might bug bounty programs look like under the GDPR?”. The International Association of Privacy Professionals (IAPP). 27 March 2018. Archived from the original on 6 July 2018.

6. “Commentary: California’s New Data Privacy Law Could Begin a Regulatory Disaster”. Fortune. Retrieved 10 April 2019.

7. “California Unanimously Passes Historic Privacy Bill”. Wired. Archived from the original on 29 June 2018. Retrieved 29 June 2018.

8. “Marketers and tech companies confront California’s version of GDPR”. Archived from the original on 29 June 2018. Retrieved 29 June 2018.

9. Kelly, Makena (9 April 2019). “Big Tech’s ‘dark patterns’ could be outlawed under new Senate bill”. The Verge. Retrieved 10 April 2019.

10. “General Data Protection Regulation”, section 4: Data protection officer. Wikipedia. https://en.wikipedia.org/wiki/General_Data_Protection_Regulation. Retrieved 14 August 2019.

© copyright cloudcover 2019 / All rights reserved.


Stephen Cardot is the founder and CEO of CloudCover®. Stephen is a strong, technology-disciplined professional and a product visionary in cybersecurity.