POPULARITY
In this special compilation episode of AI and the Future of Work, we celebrate Data Privacy Day by revisiting powerful conversations with industry leaders tackling some of today's biggest AI challenges. From deepfake detection to ethical AI, this episode highlights the critical role of privacy, trust, and security in the future of AI.Join us as we revisit insights from top experts in AI:
The nature of work and careers is undergoing profound changes that are often obscured by debates over return-to-work mandates. This week we consider the rise of decentralized work that's networked and elevates autonomy over outdated command and control approaches developed in a different century. Plus: a celebration of Data Privacy Day and Deepseek's cannonball into the Big Tech AI pool party.Watch us on YouTubeTroy Young's People vs Algorithms newsletterBrian Morrissey's The Rebooting newsletterAlex Schleifer's Human ComputerFollow Alex, Brian and Troy on Twitter
It's national data privacy day! What better day to focus your attention on keeping your data secure than now. Take a couple of moments today and throughout the week to evaluate and safeguard your identity so you can effectively protect yourself from current or future threats. Links: Check out resources from the National Cybersecurity Alliance and the Cybersecurity & Infrastructure Security Agency Learn more about the features and benefits of a Better Checking Account with IDProtect Register or log into our Better Checking portal to access the credit score tracker, credit report and other account benefits Transcript: Welcome to Money Tip Tuesday from the Making Money Personal podcast. One of the most important things you can do for yourself is to take identity and privacy threats seriously. There are new breaches occurring every day that choosing to not take steps for proper security could be costly. It's critical to put guards in place before any threat arises. If you use digital services, tools and technology, National Privacy Day, and Week, is a great time to assess your existing security protocols and determine whether you're adequately protected. With fraud threats everywhere, it's important to remember to stay on top of current scams to keep your privacy secure. Familiarize yourself with common tactics scammers use to trick you as well as stay abreast of new tactics arising. Check out the National Cybersecurity Alliance at Stay Safe Online for up to date information and resources about proper cyber protection. You can also explore resources and tools from the Cyber Security and Infrastructure Security Agency at CISA.gov. Other, more active steps to take involve reviewing your current situation and identifying any areas where security could be improved. Ensure all account passwords are secure, that you have proper PIN or biometric authentication on all devices and that all have been maintained with the most recent updates. Monitor all your credit and credit card information. Make sure you're paying attention to all your credit cards and have sufficient access to card controls to easily turn them off if they're lost or stolen. Set up notifications for immediate awareness any time your cards are used. Receiving a simple message on card usage gives you the ability to act immediately if a suspicious charge occurs. Keep an eye on your credit score for any inconsistencies or anomalies. Familiarize yourself by checking your score and viewing your current credit report. Your credit report will list out all your open credit lines, loans and other information like credit inquiries, payment history and other personal data regarding your credit activity. Look over the report to ensure all the activity is legitimate and accurate. Finally, consider identity theft protection. Having identity theft protection offers benefits that help prevent fraud as well as cover you in case fraud occurs. These services monitor data bases and the dark web for sensitive information that way if any issue arises, you can act swiftly to resolve any issues. They also offer expense reimbursement, case managers and recovery assistance to help all throughout the recovery process. With a Triangle Better Checking account you can get affordable access to amazing identity theft protection benefits for a small monthly fee of $4.99. With this one account you'll gain access to identity theft monitoring, reimbursement coverage, a credit score tracker, credit reporting, card registration as well as reimbursement coverage and full service identity recovery with a case manager if you ever become a victim. To learn more about the benefits and for further account information, visit trianglecu.org. If you already have a Better Checking account you're already enrolled in the protection service but to access the other great benefits register at betterchecking.trianglecu.org to get started there. If keeping your identity and sensitive information is high on your priority list, take some time today or throughout the week to set up additional protections for your devices and identity. If there are any other tips or topics you would like us to cover, let us know at tcupodcast@trianglecu.org. Like and follow our Making Money Personal FB and IG page and look for our sponsor, Triangle Credit Union on social media to share your thoughts. Thanks for listening to today's Money Tip Tuesday and check out our other tips and episodes on the Making Money Personal podcast. Have a great day!
What should we celebrate on January 28th? What is the difference between Privacy and Data Protection? What about Data Privacy? Will Data Protection (or Data Privacy) evolve to encompass many of the things we now discuss in the context of AI regulation? We have asked Carissa Véliz (Oxford University), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Markus Wünschelbaum (Advisor, Hamburg Data Protection Authority), Brendan Quinn, and Tim Turner. What do you think? Feel free to participate in the conversation by finding this episode's post on: Our Spotify feed: https://open.spotify.com/show/6M2DpgfTPaGCHm31rKstBr Our LinkedIn channel: https://www.linkedin.com/company/masters-of-privacy/ Our YouTube channel: https://www.youtube.com/@MastersofPrivacy References: Council of Europe: Data Protection Day US Government: Data Privacy Day
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and what risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches. Listen for actionable ideas to improve the cyber security at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week's theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA's privacy, external civil rights, civil liberties, and transparency programs. [3:46] We're going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. [4:48] As Chief Privacy Officer, James Burd's primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it's by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency's operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it's CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA's international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That's part of the risk manager's job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don't collaborate up front, you have to collaborate later, as a result of your emergency. That's not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner's point of view. It doesn't make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA's. NIST can see what works or doesn't work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They've been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident. [14:35] There's no indication that any other Federal agency has been impacted by the incident but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there's a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard any further impacts. The People's Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They're one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. [15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:20] Let's Return to My Interview with James Burd of the Cyber Infrastructure Security Agency! [17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems. [18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware. [18:20] What we're seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity. [18:34] Privacy and cybersecurity risks do not just appear. We're seeing existing risks and issues increasing in size and complexity. What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available. [18:54] It's always been a risk but it was less likely to occur until this point where there's more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency. [19:11] We've heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models. [19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this. [19:58] We've found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance. [20:19] These are not new risks. They're existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites. [20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone's network if it's not properly secured. [20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity come the ability to move more data at a time and we're facing data being transferred in an insecure manner. People don't know what data they're sharing. [21:15] We're running into the same classic issues but they're exacerbated by something we view as a major success, access. Access should be celebrated but we shouldn't open doors because we can open them. We need to be able to make sure those doors are secured. [21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.” [22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons. [22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together. [22:41] By leveraging things privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management. [22:58] When a risk is realized in one area, it's common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged. [23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect. [23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what's necessary and maintain it for a minimum time. [23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat. [24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudo-anonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they're trying to solve while masking sensitive data. [24:13] If you're investigating an insider threat, you can unmask the data. Do you need that data to do the job that you're tasked to do? If not, why run the risk of inappropriately accessing it? [24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information. [25:07] The public needs to know what you are collecting from them, how you are using it, and whether are you sharing it. They need to know if you are handling their data securely. [25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things. [25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities. [26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public's data. James tells how to share that message with the public. [27:08] When James opens software, he reads the Third Party Agreements. He knows most people don't. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used. [28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025. [28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker! [29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions. [29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [29:39] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [30:30] Let's Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd! [31:00] A lot of ERM frameworks exist because they were required by regulation or law. [31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA). [31:29] DPIAs vary, depending on the regulatory framework or law. DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks. [31:48] That assessment can populate half of an ERM framework's register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space. [32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important. [33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early. [33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other. [34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like. [35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “RIght of Doom,” CISA prioritizes the incidents that it responds to. [36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you by a local field office to find the people to help you, whether it's law enforcement, local cyber security service providers, or a local Emergency Response Team. [37:03] Companies are involved in the California wildfires. Could an incident like that distract them that they might become susceptible to data breaches? James notes that you can't address every problem at the same time. Prioritize, rack, and stack. [37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities. [37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you'll be grateful that you took the time and spent the money to implement it. [38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you'd spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won't get “popped” for a silly reason. [38:49] If somebody's going to get you, make sure they've tried their hardest to get you. [38:58] It's Data Privacy Day today, as this episode is released! It's the start of Data Privacy Week! The theme is Take Control of Your Data! [39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset, Each data asset may have a different set of risks. [39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it's used. [39:56] The risk professional probably isn't the one who takes the inventory, but they should have access to it and they should be evaluating that inventory. [40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk. [40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what's likely to happen. [40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode's show notes. [40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week's episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025! [41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4-7. | Register today! RIMS Legislative Summit — March 19‒20, 2025 Cyber Infrastructure Security Agency National Cybersecurity Alliance | Data Privacy Week 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 26‒27, 2025 | Instructor: Elise Farnham “Managing Data for ERM” | March 12, 2025 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Cyberrisk Trends in 2025 with Shadowserver Alliance Director Tod Eberle” “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance”| Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA) Production and engineering provided by Podfly.
¿Qué diferencia hay entre protección de datos personales y privacidad? ¿Deberíamos más bien sustituir este último concepto por el derecho a la intimidad en España? Hemos conseguido aclarar estas dudas en el día internacional de la protección de datos personales (28 de enero), también conocido como “Data Privacy Day” en Estados Unidos o Australia. Borja Adsuara es Doctor en Filosofía del Derecho, Profesor de Derecho Digital en la Universidad Complutense y en varios Másters, Consultor Experto en Derecho, Estrategia y Comunicación Digital. También es colaborador en varios medios de comunicación y divulgador en redes sociales. Ha participado en toda la legislación digital en España desde 1992 (LORTAD), es Premio de la Agencia Española de Protección de Datos (2019) a las Buenas Prácticas y es Ponente de la Carta Española de Derechos Digitales (2021). Referencias: Borja Adsuara en Bluesky Borja Adsuara en LinkedIn Masters of Privacy: Data Protection vs. Privacy and Data Privacy: a January 28th conundrum Consejo de Europa: Día Internacional de la Protección de Datos Gobierno de los EE.UU: Data Privacy Day
This special episode of Legally Bond is a part of Bond's 2025 Countdown to Data Privacy Day. Bond's cybersecurity and data privacy practice group co-chair, Jessica Copeland, speaks with Christine Wiktor, Area Vice President for Gallagher. Christine discusses how cyber insurance is crucial for organizations in today's digital landscape and provides best practices for responding to cyber incidents and engaging with insurance carriers.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware. Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, He transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh, need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod Joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. [9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Clio's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that In December of 2024, China attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a crypto locker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers. [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. The second is with their support for law enforcement, law enforcement may share sensitive data with Shadowserve. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy Shadowserver Foundation National Cybersecurity Alliance RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail' | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Tod Eberle, Shadowserver Foundation Production and engineering provided by Podfly.
My guest this week is Jay Averitt, Senior Privacy Product Manager and Privacy Engineer at Microsoft, where he transitioned his career from Technology Attorney to Privacy Counsel, and most recently to Privacy Engineer.In this episode, we hear from Jay about: his professional path from a degree in Management Information Systems to Privacy Engineer; how Twitter and Microsoft navigated a privacy setup, and how to determine privacy program maturity; multiple of his Privacy Engineering community projects; and tips on how to spread privacy awareness and stay active within the industry. Topics Covered:Jay's unique professional journey from Attorney to Privacy EngineerJay's big mindset shift from serving as Privacy Counsel to Privacy Engineer, from a day-to-day and internal perspectiveWhy constant learning is essential in the field of privacy engineering, requiring us to keep up with ever-changing laws, standards, and technologiesJay's comparison of what it's like to work for Twitter vs. Microsoft when it comes to how each company focuses on privacy and data protection Two ways to determine Privacy Program Maturity, according to JayHow engineering-focused organizations can unify around a corporate privacy strategy and how privacy pros can connect to people beyond their siloed teamsWhy building and maintaining relationships is the key for privacy engineers to be seen as enablers instead of blockers A detailed look at the 'Technical Privacy Review' processA peak into Privacy Quest's gamified privacy engineering platform and the events that Jay & Debra are leading as part of its DPD'24 Festival Village month-long puzzles and eventsDebra's & Jay's experiences at the USENIX PEPR'23; why it provided so much value for them both; and, why you should consider attending PEPR'24 Ways to utilize online Slack communities, LinkedIn, and other tools to stay active in the privacy engineering worldResources Mentioned:Review talks from the University of Illinois 'Privacy Everywhere Conference 2024'Join the Privacy Quest Village's 'Data Privacy Day'24 Festival' (through Feb 18th)Submit a Proposal / Register for the USENIX PEPR ‘24 ConferenceGuest Info:Connect with Jay on LinkedIn Privado.ai Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.Shifting Privacy Left Media Where privacy engineers gather, share, & learnTRU Staffing Partners Top privacy talent - when you need it, where you need it.Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Data Privacy is not a tough nut to crack if done with proper guidance and the right support! Let us help you choose the right learning path for you to break into the world of #DataPrivacy & Security with confidence. Schedule a Free Career Guidance write into us at sales@infosectrain.com with your requirements #PrivacyAware #DataPrivacyWeek
This #DataPrivacyDay, take a step in the right direction and join the league of information security champions with GDPR certification. Schedule a Free Career Guidance write into us at sales@infosectrain.com with your requirements #PrivacyAware #dataprivacyweek
In occasione del Data Privacy Day del 27 gennaio, abbiamo fatto un bilancio per il 2022 e il punto sulle sfide che ci attendono per il 2023. PANETTA scommette su Intelligenza artificiale e data economy.Ce ne parla Vincenzo Tiani, partner dalla sede di Bruxelles.
It has been almost three years since Rebecca has done a show answering listener questions; it is time she did another one! In this episode she answers a wide range of questions. Some of the questions include: • Why are location trackers (Apple Airtag, Tile, etc.) bad from a privacy perspective? They aren't even sending any personal information; just location. Should they be outlawed if they are actually bad? Listen in to hear not only her answer, but how she explains what engineers need to consider in the design of these, and other types of, IoT products. • How do you think the Dobbs decision was leaked last year from the US Supreme Court? Rebecca provides some insightful theories that have not yet been discussed anywhere else! • Some spam blockers, like AOL spam blocker, are not effective against email addresses. How can more email spam be blocked? Rebecca provides some good advice in response. • How can spoofed emails be prevented? Everyone needs to hear Rebecca's answer to this. • Should spoofed emails be reported? To where? Rebecca provides answers that all listeners, anywhere in the world, can use. Listen in to hear the answers to these, and more, questions. #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #Government Security #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime
It has been almost three years since Rebecca has done a show answering listener questions; it is time she did another one! In this episode she answers a wide range of questions. Some of the questions include: • Why are location trackers (Apple Airtag, Tile, etc.) bad from a privacy perspective? They aren't even sending any personal information; just location. Should they be outlawed if they are actually bad? Listen in to hear not only her answer, but how she explains what engineers need to consider in the design of these, and other types of, IoT products. • How do you think the Dobbs decision was leaked last year from the US Supreme Court? Rebecca provides some insightful theories that have not yet been discussed anywhere else! • Some spam blockers, like AOL spam blocker, are not effective against email addresses. How can more email spam be blocked? Rebecca provides some good advice in response. • How can spoofed emails be prevented? Everyone needs to hear Rebecca's answer to this. • Should spoofed emails be reported? To where? Rebecca provides answers that all listeners, anywhere in the world, can use. Listen in to hear the answers to these, and more, questions. #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #Government Security #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime
Jan. 28 was Data Privacy Day - a day to better understand the importance of keeping your personal information private. To celebrate the day and its importance, the province's privacy commissioner, Michael Harvey, released a new video - aptly called "Know Your Privacy Rights."
#InternationalDataPrivacyDay #DataPrivacyDay2023 #DataPrivacyDay Data Privacy Day: जानिए 10 आसान तरीके जिससे आप कर सकते हैं अपने डाटा को सुरक्षित https://youtu.be/RqAHYfVCR14
A big week of updates from Apple. Episode 313 of The Checklist by SecureMac looks at: - Features and fixes in the various OS updates - Security Keys 102 - Data Privacy Day initiatives from Apple Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
In this special World Data Privacy Day episode of Legally Bond, Kim talks with Bond cybersecurity and data privacy attorney Mario Ayoub about the Epic Games settlement.For the full article discussed in this episode, click here.
Friday Jan 27th - Provincial Information And Privacy Commissioner Michael Harvey - Data Privacy Day by VOCM
2023 MacBook Pro review: More of the same, in a good way. M2 Mac Mini review: Whatever you want it to be. Apple resurrects full-size HomePod with updated acoustics. Cat activates Homepod music playback. Apple postpones AR/VR glasses, plans cheaper mixed-reality headset. How Apple's upcoming mixed-reality headset will work. iOS 16.3 fixes multiple security vulnerabilities. About security keys for Apple ID. Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day. Apple enlists 'Ted Lasso' star power and Today at Apple sessions for 'Data Privacy Day'. How Apple has so far avoided layoffs: Lean hiring, no free lunches. iOS 16.3 code reveals Apple continues to work on classical music app. Apple releases HomePod 16.3 software with humidity and temperature sensing, find my improvements, audio tuning, and more. AI and the Big Five. The Lisa: Apple's most influential failure. Picks of the Week Jason's Pick: Ivory Andy's Pick: Iconfactory - Tot/Tot Pocket Alex's Pick: Affinity Bundle Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: Melissa.com/twit
2023 MacBook Pro review: More of the same, in a good way. M2 Mac Mini review: Whatever you want it to be. Apple resurrects full-size HomePod with updated acoustics. Cat activates Homepod music playback. Apple postpones AR/VR glasses, plans cheaper mixed-reality headset. How Apple's upcoming mixed-reality headset will work. iOS 16.3 fixes multiple security vulnerabilities. About security keys for Apple ID. Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day. Apple enlists 'Ted Lasso' star power and Today at Apple sessions for 'Data Privacy Day'. How Apple has so far avoided layoffs: Lean hiring, no free lunches. iOS 16.3 code reveals Apple continues to work on classical music app. Apple releases HomePod 16.3 software with humidity and temperature sensing, find my improvements, audio tuning, and more. AI and the Big Five. The Lisa: Apple's most influential failure. Picks of the Week Jason's Pick: Ivory Andy's Pick: Iconfactory - Tot/Tot Pocket Alex's Pick: Affinity Bundle Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: Melissa.com/twit
In this episode of Privacy Files, Rich and Sarah celebrate Data Privacy Week. Running January 22-28, 2023, this annual event, sponsored by the National Cybersecurity Alliance, is designed to raise awareness about online privacy. The mission is two-fold: help individuals understand that they have the power to manage their data and educate organizations on why it's important to respect their users' data. We kicked off the episode by covering the recent T-Mobile data breach where a hacker compromised the data of 37 million customers. This is the eighth time T-Mobile has been hacked since 2018. Data Privacy Week commemorates the January 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Last year, the National Cybersecurity Alliance extended Data Privacy Day into Data Privacy Week. We cover how every online activity leaves a data trail linking back to you and your personally identifiable information. Then we give you a series of simple solutions to better protect your data. Both Rich and Sarah tell some personal stories that underscore the prevalence of data collection in our everyday lives. Then we wrap up the episode by talking about how MySudo, the world's only all-in-one privacy app, can help individuals live more privately, and how organizations can leverage privacy to acquire more customers and make them loyal. Links Referenced: https://staysafeonline.org/programs/data-privacy-week/ OUR SPONSORS: Anonyome Labs - Makers of MySudo and Sudo Platform. Take back control of your personal data. www.anonyome.com MySudo - The world's only all-in-one privacy app. Communicate and transact securely and privately. Talk, text, email, browse, shop and pay, all from one app. Stay private. www.mysudo.com Sudo Platform - The cloud-based platform companies turn to for seamlessly integrating privacy solutions into their software. Easy-to-use SDKs and APIs for building out your own branded customer apps like password managers, virtual cards, private browsing, identity wallets (decentralized identity), and secure, encrypted communications (e.g., encrypted voice, video, email and messaging). www.sudoplatform.com
This Data Privacy Day, we have a message from Axel Voss. For business owners on Data Privacy Day. Go ahead with your idea. Concentrate on it, and make it as secure as possible from the starting point. It's privacy by design, avoiding a delay in your processes by waiting for the consent of the data protection authority. Concentrate on your product and keep in mind that it is as secure as possible, as privacy protected as possible. By doing so, you will be on the right track from the beginning. For Professionals / Practitioners in data protection. Enable it, then you can move forward with your ideas of achieving the best possible outcome. You need to have service orientated mindset when implementing data protection. As a legislator, I am not trying to reduce your potential. We should be there in aiding businesses and professional practitioners in creating and providing the relevant framework. And, please make sure that you are not overstepping the rights of others. But it's all a matter of mindset and using the potential of what is already there to be more successful as a result. This is a trailer from the full episode of The FIT4PRIVACY Podcast. If you like this, you would enjoy the full episode. If this is your first time, the FIT4PRIVACY Podcast is a privacy podcast for those who care about privacy. In this podcast, you listen to and learn from industry influencers who share their ideas. The episodes are released as audio every Wednesday and video every Thursday. If you subscribe to our podcast, you will be notified about the new episodes. And, if you have not done it, write a review and share this with someone who will benefit from this. RESOURCES Websites: www.fit4privacy.com, www.punitbhatia.com Take advantage of our Free GDPR training: https://www.fit4privacy.com/course/free CONNECT Instagram https://www.instagram.com/punit.world/ Facebook https://www.facebook.com/PunitBhatiaSpeaker/ LinkedIn https://www.linkedin.com/showcase/fit4privacy-podcast --- Send in a voice message: https://anchor.fm/fit4privacy/message
2023 MacBook Pro review: More of the same, in a good way. M2 Mac Mini review: Whatever you want it to be. Apple resurrects full-size HomePod with updated acoustics. Cat activates Homepod music playback. Apple postpones AR/VR glasses, plans cheaper mixed-reality headset. How Apple's upcoming mixed-reality headset will work. iOS 16.3 fixes multiple security vulnerabilities. About security keys for Apple ID. Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day. Apple enlists 'Ted Lasso' star power and Today at Apple sessions for 'Data Privacy Day'. How Apple has so far avoided layoffs: Lean hiring, no free lunches. iOS 16.3 code reveals Apple continues to work on classical music app. Apple releases HomePod 16.3 software with humidity and temperature sensing, find my improvements, audio tuning, and more. AI and the Big Five. The Lisa: Apple's most influential failure. Picks of the Week Jason's Pick: Ivory Andy's Pick: Iconfactory - Tot/Tot Pocket Alex's Pick: Affinity Bundle Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: Melissa.com/twit
2023 MacBook Pro review: More of the same, in a good way. M2 Mac Mini review: Whatever you want it to be. Apple resurrects full-size HomePod with updated acoustics. Cat activates Homepod music playback. Apple postpones AR/VR glasses, plans cheaper mixed-reality headset. How Apple's upcoming mixed-reality headset will work. iOS 16.3 fixes multiple security vulnerabilities. About security keys for Apple ID. Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day. Apple enlists 'Ted Lasso' star power and Today at Apple sessions for 'Data Privacy Day'. How Apple has so far avoided layoffs: Lean hiring, no free lunches. iOS 16.3 code reveals Apple continues to work on classical music app. Apple releases HomePod 16.3 software with humidity and temperature sensing, find my improvements, audio tuning, and more. AI and the Big Five. The Lisa: Apple's most influential failure. Picks of the Week Jason's Pick: Ivory Andy's Pick: Iconfactory - Tot/Tot Pocket Alex's Pick: Affinity Bundle Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: Melissa.com/twit
2023 MacBook Pro review: More of the same, in a good way. M2 Mac Mini review: Whatever you want it to be. Apple resurrects full-size HomePod with updated acoustics. Cat activates Homepod music playback. Apple postpones AR/VR glasses, plans cheaper mixed-reality headset. How Apple's upcoming mixed-reality headset will work. iOS 16.3 fixes multiple security vulnerabilities. About security keys for Apple ID. Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day. Apple enlists 'Ted Lasso' star power and Today at Apple sessions for 'Data Privacy Day'. How Apple has so far avoided layoffs: Lean hiring, no free lunches. iOS 16.3 code reveals Apple continues to work on classical music app. Apple releases HomePod 16.3 software with humidity and temperature sensing, find my improvements, audio tuning, and more. AI and the Big Five. The Lisa: Apple's most influential failure. Picks of the Week Jason's Pick: Ivory Andy's Pick: Iconfactory - Tot/Tot Pocket Alex's Pick: Affinity Bundle Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: Melissa.com/twit
In this episode of the DLC Blend, we continue with the month's theme of Innovative Designer. Discussion topics include designing lessons with increased student voice and choice, Get Organized Month and how to use the design process to achieve goals, Data Privacy Day, and ways to clean up your digital footprint.
In this episode of Legally Bond, Kim speaks with Bond cybersecurity and data privacy attorney Shannon Knapp. Shannon discusses what to expect during Bond's fourth annual countdown to World Data Privacy Day.
As part of my daily routine, I scan dozens of blogs, visit a handful of Facebook groups, and skim through Twitter. The goal: find the most helpful resources, tools, and articles that I can share with my teacher friends (that's you!). These are my favorite links for January 2023. ----------------------------- Thanks for tuning into the Chromebook Classroom Podcast! If you enjoyed today's episode, I would appreciate your honest rating and review! You can connect with me, John Sowash, on Facebook, Twitter, or Instagram. I would love to hear your thoughts on the show!
Got a Minute? Website owner checkout today's episode of The Guy R Cook Report podcast - the Google Doc for this episode is @ 20220718 Replay 20220207 Browsercast Vivaldi and Startpage CEOs join forces on Data Privacy Day ----more---- Support this podcast Subscribe where you listen to podcasts I help goal oriented business owners that run established companies to leverage the power of the internet Contact Guy R Cook @ https://guyrcook.com The Website Design Questionnaire https://guycook.wordpress.com/start-with-a-plan/ In the meantime, go ahead follow me on Twitter: @guyrcookreport Click to Tweet Be a patron of The Guy R Cook Report. Your help is appreciated. https://guyrcook.com https://theguyrcookreport.com/#theguyrcookreport Follow The Guy R Cook Report on Podbean iPhone and Android App | Podbean https://bit.ly/3m6TJDV Thanks for listening, viewing or reading the show notes for this episode. Vlog files for 2022 are at 2022 video episodes of The Guy R Cook ReportHave a great new year, and hopefully your efforts to Entertain, Educate, Convince or Inspire are in play vDomainHosting, Inc 3110 S Neel Place Kennewick, WA 509-200-1429
Jan 31, 2022 See acast.com/privacy for privacy and opt-out information.
History of Data Privacy Day, FAQs, how to celebrate Data Privacy Day, five ways to protect your data privacy, and three ways data privacy day is important.Mick Smith, Consultant M: (619) 227.3118 E: mick.smith@wsiworld.com Commercials Voice Talent:https://www.spreaker.com/user/7768747/track-1-commercials Narratives Voice Talent:https://www.spreaker.com/user/7768747/track-2-narrativesDo you want a free competitive analysis? Let me know at:https://hubs.ly/Q0139TgJ0Website:https://www.wsiworld.com/mick-smithLinkedIn:https://www.linkedin.com/company/wsi-smith-consulting/Make an appointment:https://app.hubspot.com/meetings/mick-smithBe sure to subscribe, like, & review The Doctor of Digital™ Podcast:https://www.spreaker.com/show/g-mick-smith-phds-tracksSign up for the Doctor Up A Podcast course:https://doctor-up-a-podcast.thinkific.com/
news birthdays/events what large purchase are you going to make this year? superbowl saturday??? news funny reasons people broke up game: slogan game YUP that exists website news would you agree to surgery performed by a robot? (not robot assisted) game: pyramid when did you finally feel "on top" of your finances? news most important things you learned from your grandparents do you have nicknames for your co-workers goodbye/fun facts....Data Privacy Day...reminds us to review how our data is used. take stock and evaluate our personal cybersecurity. Thanks to the internet, massive amounts of personal data can be easily distributed. On any new device, set your privacy settings immediately. Check your bank and credit card statements regularly. Stop taking online quizzes that ask random questions about your childhood, children, tattoos, marriages, pets, and favorite foods.
In this special World Data Privacy Day episode of Legally Bond, Kim talks with Bond cybersecurity and data privacy attorney Amber Lawyer about security and privacy risk management in vendor contracts.
Data Privacy Day - January 28, 2022 Browsing Safely - TOR, Brave Browser with TOR, Ublock Origin, Privacy Badger Using a VPN to secure traffic on public networks - iVPN, Proton VPN are wha tI use Password Manager - Yes, I will continue talking about them - I use Bitwarden Encrypted Communications - Signal, Threema, Session, Matrix Cloud Server - Nextcloud Server - Let's talk about this - Simple Login / MySudo - email aliases, phone number and text Email - ProtonMail / Tutanota Notes - Standard Notes - Skiff.org Use two factor authentication - Authy - Bitwarden - Yubikey Way You Can Support The Podcast - Direct Donations and tips on our support page https://www.closedntwrk.com/support/ Follow Me On Twitter - https://twitter.com/closedntwrk Download a Podcast 2.0 app. We recommend Breez or Fountain. You can load them up with Bitcoin / Sats and stream sats to the podcast. https://podcastindex.org/apps - NEWPODCASTAPPS.COM Leave a review for the podcast, you can do this by visiting https://www.closedntwrk.com/reviews/ Reviews are greatly appreciated and of course share the podcast with friends or family A Bug in iOS 15 Is Leaking User Browsing Activity in Real Time https://arstechnica.com/information-technology/2022/01/safari-and-ios-bug-reveals-your-browsing-activity-and-id-in-real-time/ Pegasus attacks in El Salvador: spyware used to target journalists and activists https://www.accessnow.org/pegasus-el-salvador-spyware-targets-journalists/
Kate and Brian take issue with some of the assumptions in the Video Advertising Bureau's investigation into Nielsen's audience undercounting, discuss Google's Topics proposal, and Brian talks to Joseph Turow, the Robert Lewis Shayon Professor of Media Systems & Industries at the Annenberg School for Communication about the state of data privacy. Links to news, reports, and research cited in this episode: https://www.nexttv.com/news/nielsen-out-of-home-error-was-a-big-deal-vab-says https://blog.google/products/chrome/get-know-new-topics-api-privacy-sandbox/ https://www.asc.upenn.edu/people/faculty/joseph-turow-phd
Friday Jan 28th - World Data Privacy Day With Privacy Commissioner Michael Harvey by VOCM
(Starts at 1:00 mark) "Shift Recovery" support group in Grand Falls-Windsor offers help to people with addictions, (11:00) "One Thousand Words" photography project gives survivors of sexual violence a safe space to share their stories, (17:38) researchers of family history may get help from old vital statistics records recently digitized by The Rooms in St. John's, and (24:17) Newfoundland and Labrador's Information and Privacy Commissioner talks about Data Privacy Day - and why we all need to help protect ourselves.
CyberHub Podcast Data Privacy Matters Jan 28th, 2022 Hey Security Gang, Lets talk Privacy on International Data Privacy Day with special guest Lecio DePaula from KnowBe4. Tune in as we discuss the latest trends in Privacy and highlights how Privacy and Security intersect. CyberHub Podcast is supported by these great partners please make sure to check them out: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub **** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ James on Parler: @realjamesazar Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. #Privacy #cybersecurity #dataprivacy
On 28 January 1981, the Council of Europe opened up the Convention 108, the world's first globally binding instrument on the protection of personal data. Since 2007, the privacy community celebrates International Data Protection Day (Data Privacy Day). For #SeriousPrivacy, it is our season launch. K Royal and Paul Breitbarth talk about many of the recent developments in data protection and we play a new game: Privia Pursuit. Let us know if you think it has potential. Join them for a broad discussion that involves TrustArc's Webinar on India, Saudi Arabia data protection legislation, China's PIPL, Quebec Bill 64 ( Serious Privacy episode with Constantine Karbaliotis and Jennifer Stoddart), US state laws (please see TrustArc's paper on US State legislation), and Google analytics (see Dutch DPA's Google Analytics guidance (in Dutch), Austria DPA's Google Analytics decision, EDPS Google Analytics decision, Guernsey DPA, and Danish DPA). We also touch on the Dutch class action that was thrown out, and the cyber attack on the ICRC.It's not all work - we also include the Mauritshuis museum in The Hague, Disney's Encanto, and Paul's paper on a Risk-based Approach to International Data Transfers in the European Data Protection Law Review.Please follow us on your favorite podcast app - we love ratings and comments. We're also on Twitter (@podcastprivacy, @trustarc, @euroPaulB, @heartofprivacy), and on LinkedIn for Serious Privacy.
WIOD National Correspondent Rory O'Neill *Follow him on Twitter: @RadioRory. Today is “Data Privacy Day.”
This is Today features the stories that make this day unique. It's Friday, January 28, 2022, and here is what we talk about today:National Big Wig DayNational Have Fun At Work DayNational Kazoo DayData Privacy DayNational Blueberry Pancake DaySpace Shuttle Challenger 10Show LinksUSA - National Kazoo Day - January 28Free Online Jigsaw Puzzles21 Fun Office Pranks in 2022 That Won't Get You FiredPodcast of the day: The Nomads of FantasyHelp to support this podcast and get Patreon only perks:Become a Patron for as low as $3 a month!Additional X Audio Podcasts:Subscribe to Learning MoreSubscribe to DIY For Business Get bonus content on Patreon See acast.com/privacy for privacy and opt-out information.
Bill Kicked Off Your Weekend With Cavs VS Pistons On Sunday - Preview From Cavs Jim Chones - AFC-NFC Championship Games - Scooter'$ Football Picks 1-28-22 - Cleveland.com Terry Pluto Talked Cavs & NFL - Weekend Movie Previiew From Kevin Carr-Fat Guys At The Movies & ABC News Jason Nathanson - ABC News Crime-Terror Analyst Brad Garrett Talked "Ghost Guns" - Friday is “Data Privacy Day.” Is your personal information private or public?-NBC News Radio Rory O'Neill - Much of the Northeast will be buried under a “bomb cyclone” this weekend. What is a “bomb cyclone” and why should you be interested even if you live in places that never get snow? NBC News Radio Michael Bower
In this episode of the FIT4PRIVACY Podcast, we celebrate International Data Protection Day. We all know that Jan 28 is the Data Protection Day and on this occasion, Punit shares the Top 10 fines in the EU GDPR regime and what we can learn from these. KEY CONVERSATION POINTS 02:44 - 10. Notebooksbilliger.de — €10.4 million ($12.5 million) 05:27 - 9. Vodafone Italia — €12.3 million ($14.5 million) 08:41 - 8. Wind — €17 million ($20 million) 11:01 - 7. Marriott – €20.4 million ($23.8 million) 13:33 - 6. British Airways – €22 million ($26 million) 17:40 - 5. TIM – €27.8 million ($31.5 million) 20:14 - 4. H&M — €35 million ($41 million) 22:06 - 3. Google – €50 million ($56.6 million) 23:56 - 2. WhatsApp — €225 million ($255 million) 26:10 - 1. Amazon — €746 million ($877 million) ABOUT THE HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach privacy professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How To Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCES Websites: www.fit4privacy.com, www.punitbhatia.com CONNECT Instagram https://www.instagram.com/punit.world/ Facebook https://www.facebook.com/PunitBhatiaSpeaker/ LinkedIn https://www.linkedin.com/in/punitbhatia/ Podcast http://hyperurl.co/fit4privacy YouTube http://youtube.com/fit4privacy Email hello@fit4privacy.com --- Send in a voice message: https://anchor.fm/fit4privacy/message
Data Democratization - Frontline stories about data and privacy
To celebrate Data Privacy Day 2022, we talked to the godfather of GDPR, Paul Nemitz, about how bigtech threatens democracy, the role law can play in protecting people and societies from adverse effects of technology and why it's time to regulate AI. Tune in to learn more about the upcoming European AI act and find out what role synthetic data is likely to play in this regulated future!
In this episode of Legally Bond, Kim speaks with Bond cybersecurity and data privacy attorney Jessica Copeland. Jessica discusses what to expect during Bond's third annual countdown to World Data Privacy Day.
Understanding how our data is used on Data Privacy Day, Google has kicked off an information war about the News Media Bargaining Code - but they've also presented a solution, Tesla has unveiled the latest version of the Model S electric car, we review the Samsung Galaxy S21 Ultra smartphone, Norton releases new internet security for gamers, Ring launches its smallest and cheapest video doorbell and we'll answer your tech questions in the Tech Guide Help Desk. Learn more about your ad choices. Visit megaphone.fm/adchoices
Each week we take a look at the most recent and interesting events and trends related to data security and privacy. This week is a replay from our webinar on Data Privacy Day, hosted by our partner the National Cybersecurity Alliance, where we revealed our new 2020 Data Breach Report including the top trends in cyberattacks. Download a copy of the ITRC's 2020 Data Breach Report here: notified.idtheftcenter.org/s/ Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
2018 privacy hero of the year, Tara Taubman-Bassirian, discusses the EU GDPR, the increasing need for protecting privacy in the increasingly technology-rich environment, and some activities for Data Privacy Day on January 28, 2019. What are the benefits of GDPR? Where can it be improved upon? What do companies struggle with most for GDPR compliance? What is a “hot potato” GDPR issue? How are binding corporate rules (BCRs) used for non-adequate countries? How has Brexit impacted GDPR compliance? Why does privacy matter? What are the current largest threats to privacy? What are some activities for Data Privacy Day? Hear Tara discuss these topics, and more, with Rebecca.
George Rettas talks about Cyber Security at the Super Bowl, gives some data security pointers in recognition of Data Privacy Day in America, and then is joined by special guest Dr. Rebecca Wynn where they discuss Woman in Cyber Security and the successes, failures, and challenges around efforts to secure confidential data across organizations in all the critical infrastructures. Dr. Wynn was named the 2017 Cyber Security Professional of the Year sponsored by the Cyber Security Excellence Awards, and she was also awarded SC Magazine's Chief Privacy Officer of the Year Award in 2017. Dr. Wynn is an inspiration to thousands of women in Cyber Security and the broader technology space and has been published dozens of times on various different topics in the Cyber Security field.