CISOs are not just the keepers of our data – they must be its custodians

4 months ago AndyC

For example, the European Parliament passed a Data Act in November, expected to go into force early next year, and the UK House of Lords is currently debating its own Data Protection and Information Bill.

[…]

CISOs are not just the keepers of our data – they must be its custodians

For example, the European Parliament passed a Data Act in November, expected to go into force early next year, and the UK House of Lords is currently debating its own Data Protection and Information Bill. In the US, 12 states have already signed comprehensive privacy laws, and eight have them in process. On a federal level, the American Data Privacy and Protection Act (ADPPA) is making its way through Congress, gaining wide bipartisan support when it was first introduced in 2022.

As well as these regional standards, industry-specific frameworks like the Health Insurance Portability and Accountability Act (HIPAA) and payment card industry (PCI) compliance standards exist.

These regulations serve the dual purpose of protecting individuals’ privacy and security while establishing ethical standards for responsible data handling. Companies must remain informed about existing legislation and proactively anticipate and adapt to forthcoming changes.

CISOs as custodians – proactive defenders of our data

Effective navigation of this intricate regulatory landscape extends beyond mere compliance: it necessitates strategic, ongoing commitment. While data owners may define policies, custodians are responsible for implementing and ensuring adherence to these policies.

The landscape of data custodianship in the digital age is one defined by constant evolution, where CISOs emerge as the linchpins of responsible information management. As organizations navigate the complexities of the regulatory and compliance landscape, understanding and embracing the essentials of data custodianship becomes paramount to fostering a culture of trust, accountability, and ethical data practices.

The proactive role of CISOs, positioned as natural custodians, is central to fortifying organizations against evolving cyber threats and ensuring compliance with privacy regulations. By systematically integrating stringent measures aligned with prevailing industry standards, these CISOs exemplify the commitment required to uphold privacy and security imperatives. In the face of an ever-evolving regulatory panorama, such organizations demonstrate the resilience necessary to navigate complexities and ensure ethical data practices.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

UK government’s Pensions Dashboards Programme delayed

UK government’s Pensions Dashboards Programme delayed

2 hours ago AndyC
Raj Polanki’s five steps by which CIOs can lead holistically

Raj Polanki’s five steps by which CIOs can lead holistically

5 hours ago AndyC
Strict return-to-work policies may be driving tech workers away

Strict return-to-work policies may be driving tech workers away

5 hours ago AndyC
How to successfully integrate data in a hybrid environment

How to successfully integrate data in a hybrid environment

8 hours ago AndyC
Rethinking DevOps and automation with a layered approach

Rethinking DevOps and automation with a layered approach

8 hours ago AndyC
6 lessons to learn from the 60-year history of the modern mainframe

6 lessons to learn from the 60-year history of the modern mainframe

8 hours ago AndyC

You may have missed

Exclusive: How AvePoint is tackling complex data management

Exclusive: How AvePoint is tackling complex data management

2 hours ago AndyC
Cloudflare launches comprehensive suite for cyber risk management

Cloudflare launches comprehensive suite for cyber risk management

2 hours ago AndyC
ManageEngine integrates Log 360 with Constella for dark web monitoring

ManageEngine integrates Log 360 with Constella for dark web monitoring

2 hours ago AndyC
<div>CrowdStrike & NinjaOne unite for comprehensive cyber defence</div>

CrowdStrike & NinjaOne unite for comprehensive cyber defence

2 hours ago AndyC
Google unveils AI-driven threat intelligence to streamline defences

Google unveils AI-driven threat intelligence to streamline defences

2 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.