A cyber attack can be defined as a malicious, deliberate attempt to target one or more computer systems. The individuals behind the attack use a variety of methods to steal or destroy data on users’ digital devices.

As technology advances, the risks of cyber attacks also rise. A report by Cisco suggests that today, attackers can launch a cyber attack without human intervention.

Although there are different types of cyber attacks, some of them are more common than others. 

1. Denial-of-Service Attack and Distributed Denial-of-Service Attack

A denial-of-service (DoS) attack overwhelms a system’s resources so that it can no longer respond to service requests. It is typically launched from a host system that the attacker has infected with malicious software.

Although DoS doesn’t provide direct benefits to attackers, it can be a potent weapon in the hands of business competitors. Some attackers also use DoS as the first step in session hijacking.

DoS and distributed denial-of-service (DDoS) attacks come in several forms, including:

  • TCP SYN flood attack: The attacker exploits the buffer space used during the Transmission Control Protocol (TCP) session setup. The attacker’s device floods the target with connection requests, filling its small in-process connection queue until the target crashes.
  • Teardrop attack: This attack sends fragmented Internet Protocol (IP) packets whose fragments overlap. The target tries to reassemble them, fails, and eventually crashes.
  • Smurf attack: This attack uses IP spoofing and ICMP to saturate a network with traffic directed at a target IP address.

2. Man-in-the-middle Attack

Popularly known as a MitM attack, this is a type of attack in which an attacker inserts themselves into the line of communication between two parties. Different types of MitM attacks include session hijacking, replay, and IP spoofing.

In session hijacking, the attacker takes over the session between a client and a network server: the attacking system uses the victim device’s IP address to communicate with the server in the victim’s place.

In IP spoofing, the attacker convinces the target system that it is communicating with a known, trusted system by sending packets whose source IP address is that of the known system.

In a replay attack, the attacker captures the victim’s messages and resends them later.

Although there isn’t fool-proof technology to prevent the MitM attack, encryption and digital certificates are effective tools to protect against the attack.

3. Phishing and Spear Phishing Attacks

In a phishing attack, an attacker sends the victim emails that appear to come from trusted sources. The goal is to persuade the victim to take some action.

Phishing and spear phishing combine technical trickery with social engineering. The email may also carry an attachment that infects the system with malware.

Several methods protect a system against phishing: rejecting the email, not clicking the link it provides, and sandboxing attachments are some of the ways to prevent a phishing attack.

4. Password Attack

As the name suggests, in a password attack the attacker tries to obtain a victim’s password. Social engineering is one of the most common ways to get someone’s password.

Brute-force guessing is a password attack in which the attacker simply tries many different passwords in the hope that one of them works.

To protect against brute-force guessing, use an account lockout policy, which locks an account after a small number of failed login attempts.
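The lockout policy described above, as an added example that is not part of the original article. The `LockoutPolicy` class, the `attempt_login` function and the single-user credential store are constructed for illustration; the lock is checked before the password so that a locked account answers the same way whether or not a guess is correct.

```python
import hashlib
import hmac
import os
import time

MAX_FAILED_ATTEMPTS = 5     # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts


class LockoutPolicy:
    """Per-account counter of failed logins; refuses logins while an account is locked."""

    def __init__(self, max_failed=MAX_FAILED_ATTEMPTS, lockout_seconds=LOCKOUT_SECONDS):
        self.max_failed = max_failed
        self.lockout_seconds = lockout_seconds
        self._failed = {}         # username -> consecutive failed attempts
        self._locked_until = {}   # username -> UNIX time at which the lock expires

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        return now < self._locked_until.get(username, 0)

    def record_failure(self, username, now=None):
        now = time.time() if now is None else now
        self._failed[username] = self._failed.get(username, 0) + 1
        if self._failed[username] >= self.max_failed:
            self._locked_until[username] = now + self.lockout_seconds
            self._failed[username] = 0   # a fresh window starts once the lock expires

    def record_success(self, username):
        self._failed.pop(username, None)
        self._locked_until.pop(username, None)


def _hash_password(password, salt):
    # The constructed credential store uses PBKDF2 so nothing is compared in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed user store for the example: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}
_DUMMY = _hash_password("dummy", _SALT)   # keeps timing similar for unknown users


def attempt_login(username, password, policy, now=None):
    """Return 'locked', 'ok' or 'failed' (constructed API, not a real framework's)."""
    if policy.is_locked(username, now):
        return "locked"                 # refuse before even looking at the password
    record = USERS.get(username)
    if record is None:
        hmac.compare_digest(_hash_password(password, _SALT), _DUMMY)  # same work as a real user
        policy.record_failure(username, now)
        return "failed"
    salt, stored = record
    if hmac.compare_digest(_hash_password(password, salt), stored):
        policy.record_success(username)
        return "ok"
    policy.record_failure(username, now)
    return "failed"


def simulate_guessing(guesses, username="alice", start=1_000_000.0):
    """Feed one guess per second against a fresh policy; return the outcome of each."""
    policy = LockoutPolicy()
    return [attempt_login(username, g, policy, now=start + i) for i, g in enumerate(guesses)]


if __name__ == "__main__":
    # Constructed guess list: five wrong guesses followed by the real password.
    print(simulate_guessing(["password", "123456", "qwerty", "letmein", "admin",
                             "correct horse battery staple"]))
```

Note that a lockout can itself be abused to deny service to legitimate users, so production systems usually pair it with rate limiting or a time-based rather than permanent lock, as here.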

5. Cross-site Scripting Attacks

Cross-site scripting (XSS) uses third-party web resources to run scripts in a victim’s web browser or application. The attacker injects malicious JavaScript into a web application’s database; when the victim requests a page, it is served with the attacker’s script embedded in it.

To protect against the threat, validate and sanitize data supplied by users.
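The stored-XSS flow described above in a tiny comment listing, as an added example that is not part of the original article. `render_unsafe` reproduces the defect (stored text dropped straight into HTML); `render_safe` and `render_attribute_safe` HTML-encode every untrusted value at the point of output. The comment rows are constructed sample data.

```python
import html

# Constructed sample of rows stored in a comments table. The second row is the
# kind of text an attacker would store; the script here is deliberately harmless.
STORED_COMMENTS = [
    "Great article!",
    "<script>alert('xss')</script>",
    'Click "here" for a 50% discount',
]


def render_unsafe(comments):
    # Vulnerable: stored text is interpolated straight into the page's HTML,
    # so a stored <script> tag becomes part of the page the victim loads.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_safe(comments):
    # Fixed: every untrusted value is HTML-encoded when it is written to the page.
    # Encoding on output (not on input) keeps the stored data intact for other uses.
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments) + "</ul>"


def render_attribute_safe(comment):
    # Attribute context: quote=True also encodes " and ', so stored text cannot
    # terminate the attribute and start a new one.
    return f'<div title="{html.escape(comment, quote=True)}">comment</div>'


def has_active_script(page):
    # Simple check for the demonstration: does a live <script> tag survive rendering?
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe page runs script:", has_active_script(render_unsafe(STORED_COMMENTS)))
    print("safe page runs script:  ", has_active_script(render_safe(STORED_COMMENTS)))
```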

6. Drive-by Attack

Drive-by attacks are a common way to spread malware. The attacker plants a malicious script in a website’s HTTP pages; the script installs malware on the system of any user who opens the site.

To protect against drive-by attacks, keep your web browser up to date and avoid websites that may contain suspicious code.

7. SQL Injection Attack

SQL injection is among the most common cyber attacks today, targeting data-driven sites. The attacker supplies SQL through an input that the application passes into a database query; the query text is delivered through what should be a data-plane input. The attack gives the attacker access to the victim’s database.

To protect your system against SQL injection, reject suspicious input and rely on stored procedures or parameterized queries.
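The data-plane point above, as an added example that is not part of the original article. `find_user_unsafe` splices user input into the SQL text, so the input is parsed as SQL; `find_user_safe` binds it as a parameter, so it stays data. The in-memory SQLite table and the tautology input used below are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn, username):
    # Vulnerable: the user-supplied value becomes part of the SQL statement, so the
    # database parses it as SQL (control plane) instead of treating it as data.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Fixed: the value travels as a bound parameter. The database receives the query
    # template and the data separately, so the input never leaves the data plane.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username):
    # Input validation on top of parameterization: a username should be short
    # and alphanumeric, so anything else is rejected before it reaches the database.
    return 0 < len(username) <= 32 and username.isalnum()


def find_user_validated(conn, username):
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    constructed_input = "x' OR '1'='1"   # constructed tautology input for the demo
    print("unsafe:", find_user_unsafe(db, constructed_input))   # returns every row
    print("safe:  ", find_user_safe(db, constructed_input))     # returns nothing
```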

8. Birthday Attack

A birthday attack is a common attack on the integrity of software or a message. The attacker finds two messages that produce the same message digest (MD) and then substitutes their own message for the original.
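Why the attack is called a birthday attack, as an added example that is not part of the original article: for a digest of `bits` bits, a collision between two messages is expected after roughly the square root of 2^bits random messages, not 2^bits. The code uses SHA-256 truncated to a small number of bits as a stand-in for a weak digest; the functions and the message format are constructed for illustration.

```python
import hashlib
import math


def short_digest(message, bits):
    """Truncated SHA-256 standing in for a digest of only `bits` bits (toy, not a real MD)."""
    full = hashlib.sha256(message).digest()
    return int.from_bytes(full, "big") >> (256 - bits)


def birthday_bound(bits, probability=0.5):
    """Messages needed for a collision with the given probability:
    n ~= sqrt(2 * 2^bits * ln(1 / (1 - p))). For p = 0.5 this is about 1.18 * 2^(bits/2)."""
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - probability)))


def find_collision(bits, seed=b"msg-"):
    """Hash distinct messages seed||counter until two share a digest.
    Returns (first_message, second_message, messages_hashed)."""
    seen = {}
    i = 0
    while True:
        m = seed + i.to_bytes(8, "big")      # distinct, deterministic messages
        d = short_digest(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
        i += 1


if __name__ == "__main__":
    bits = 24
    m1, m2, tries = find_collision(bits)
    print(f"{bits}-bit digest: expected ~{birthday_bound(bits):.0f} tries, needed {tries}")
    print("collision:", m1, m2, hex(short_digest(m1, bits)))
```

Doubling the digest length squares the attacker's work, which is why digest size, not just the absence of a known weakness, decides how resistant a message digest is to this attack.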

9. Eavesdropping Attack

In an eavesdropping attack, the attacker intercepts network traffic to obtain a victim’s sensitive information, such as passwords, credit card numbers, and other data.

Eavesdropping attacks are of two types, active and passive. In active eavesdropping, the attacker poses as a friendly party to extract information from the victim; in passive eavesdropping, the attacker steals information simply by listening to messages on the network.

Detecting the attack is one of the most effective techniques for protecting against eavesdropping.

10. Malware Attack

This is probably the most common type of cyber attack right now. Here, unwanted software is installed on the victim’s system. File infectors, macro viruses, ransomware, worms, Trojans, and boot-record infectors are some of the types of malware used.

Conclusion

Some cyber attacks can be prevented using advanced threat detection and security solutions, while for others, you need to stay cautious. Keep your system protected against potential threats using privacy risk assessment solutions. All the best!

Read More
September 15, 2021 0 Comments

How Secuvy AI Automates Data Discovery for GSuite 

Gmail and GDrive are among the most widely used email and cloud-based services worldwide. Secuvy AI offers support for protecting the sensitive and personal information stored in these two popular services.

With the help of an agentless connector, users can automatically identify, analyze, and classify their data across GDrive and Gmail. The scan options are tuned for quick, efficient performance, but you can always restrict a scan to a few files and folders, enable clustering, and set timeouts for accurate results.

Secuvy ships as a JAR file that supports connections from Unix, Linux, Windows, and other OS environments. It can enable and disable partial DSAR matches to avoid oversimplified scans and false negatives.

Significance of GDrive and Gmail

  • Provide a tremendous amount of storage:

Both GDrive and Gmail offer a massive amount of storage. They also provide the ability to back up enormous amounts of material without the risk of corruption.

  • Gmail offers video support:

Google Meet and Duo are two components of Gmail intended specifically for video conferencing.

  • Easily accessible and convenient interface:

Both Gmail and GDrive come with a built-in search engine that is very convenient to use, and one can access it through a phone.

  • OCR offers intelligent searches:

GDrive includes OCR, which allows it to search through enormous amounts of scanned content. In addition, image recognition makes photos searchable and boosts search results.

  • GDrive allows easy sharing of data:

Anyone with a GDrive account and the appropriate access permissions can share huge files through GDrive.

  • Reliable and well-integrated email system:

Gmail easily synchronizes with other email systems such as Outlook, and it offers excellent data security and spam filtering capabilities.

Some basic Facts About Google Drive and Gmail

Google Drive is a cloud-based storage platform built by Google and launched on April 24, 2012. It synchronizes and shares data across various devices. Google Drive includes Google Sheets, Google Docs, and Google files, all of which are key components of the Google Docs Editors office suite. In addition, it supports permissions for editing presentations, drawings, documents, forms, etc. It allows about 15 GB of storage through Google One and is one of the major parts of Google Workspace.

Gmail is one of the most widely used services offered by Google and has been available since 2004. It is a free email service. It allows users to receive emails up to 50 MB and send emails up to 25 MB. Users synchronize Gmail using the POP and IMAP protocols and can also access Gmail via the web. Gmail was the first application to adopt Ajax, the programming technique for creating asynchronous web applications. Gmail is a multipurpose application that allows you to send and receive emails. It scans all documents and filters spam automatically. Along with that, Gmail offers an easy search option.

How is Secuvy one of the Best Cloud Platforms for the Next Generation?

  • Secuvy is a new cloud-based platform that automates Data Security, Governance, and Privacy Compliance through an AI-driven workforce. It is a new-generation storage programme with multiple functionalities.
  • Secuvy AI is data intelligence software designed especially for unstructured data.
  • It has a convenient and user-friendly interface. Every function can be set up within minutes, and some views are available with a single click.
  • Automatic categorization removes the need for manual classification. It delivers data intelligence without hand-written rules and policies.
  • This data intelligence operating system offers a tremendous reduction in issues, time, and cost.
  • It allows full visibility into sensitive information from hundreds of sources at petabyte scale to meet security and governance requirements.
  • It automates data maps, discovery, and privacy regulation workflows for GDPR, CCPA, PIPEDA, LGPD and other global privacy laws.
  • It supports customized data subject access requests with user validation for efficient handling.
  • Secuvy is a data intelligence platform that discovers sensitive and confidential information across enormous data stores, both at rest and in motion.

In Conclusion:

Gmail and GDrive are among the essential services developed by Google. Any data intelligence platform that synchronizes with these services gains multiple efficient capabilities. For example, Gmail is a free email service that allows you to send emails up to 25 MB and receive emails up to 50 MB, and Google Drive is a cloud-based storage platform that offers 15 GB of storage. At the same time, Secuvy AI is the new-generation cloud-based platform that offers data intelligence services to automate data security, privacy compliance, and governance.


In the wake of the pandemic, we’ve become more digitally connected, and thus more vulnerable. It is no stretch of the imagination to say that data privacy and its impact on consumers are among the greatest challenges facing society today. On top of that, security breaches threaten user data.

Morgan Stanley was recently charged a $60 million fine by the US Treasury Department for failure to secure customer data after shutting off two data centers.

Data security enforcement is expected to increase in the US with the passage of the California Consumer Privacy Act (CCPA), and even more so worldwide. As a result, consumers and enterprises are asking: What do companies know about me? Are they selling my data? How are they using the information?

The General Data Protection Regulation (GDPR) was introduced back in 2018 to give individuals control over their data. Even though the right of access is not new, access requests are one of the most common requests organizations receive. So, sooner or later, you will have to explore the online privacy laws.

How is the CCPA good for businesses and users? 

California matters for a few reasons. It has the fifth-largest economy in the country, and most businesses in the world have consumers in the state. CCPA requirements compel organizations to tell users what personal data is gathered about them and whether it is sold to third parties. In addition, the California state privacy law extends beyond California: if a commercial entity collects and leverages the personal data of California residents, it is subject to the CCPA.

Furthermore, it enforces the choice to opt out and the “right to deletion,” although with a handful of restrictions.

With technologies promising a customer-360 panacea regularly hitting the market, the California privacy law has made a frictionless entry into the state’s legal books. Too often, however, vendors have simply repositioned technologies built for the hot CX market to address today’s regulatory environment. Staying on the right side of the CCPA requires companies to put users’ interests ahead of business interests. Here’s how you can adjust to the post-CCPA landscape beyond technology solutions:

CCPA requirements 

Determine whether your company is subject to the CCPA. For example, companies serving California residents with at least $25 million in annual revenue, and companies of any size that hold personal data on over 50,000 entities or collect more than 50% of their revenue from selling personal data, must comply with the CCPA.

Legal Obligations 

Companies should work with their general counsel and legal professionals to put a compliance plan in place immediately and follow the CCPA’s requirements.

Seamless Masterstroke

Learn what works best for you under privacy regulations like the GDPR, and apply those lessons to streamline California Privacy Rights Act compliance.

Mitigate risks

Reduce compliance risk and ensure you’re honest about what you do with your customers’ data by revising your online privacy notice. This should reiterate your customer-first approach to business and allow you to retain more customers in the long run.

The California privacy law is similar to the General Data Protection Regulation (GDPR), which takes a more heavy-handed approach throughout the EU. While many enterprises in various industries have faced smaller sanctions, GDPR levies fines of up to $22.34 million.

Current and Future Implications of CCPA

Californians are in the driving seat when it comes to decisions about their data, with greater transparency into what personal data businesses collect and how they use it. The CCPA requirements allow users to question the collection of their data and the means by which it is collected. In addition, if businesses use personal information for commercial purposes, they must disclose which categories of data they sell and to whom they sell it.

Neither GDPR nor CCPA is a walk in the park. Under GDPR, users must grant their consent before you install cookies on their computer. Moreover, the cookie law applies not only to cookies but to any other technology that stores information on a user’s device, i.e., device fingerprinting, unique identifiers, and more.

In layman’s language, cookies are akin to trackers. Moreover, the cookie law covers not only your website or browser environment but also apps on smartphones, TVs, and other devices.

Trust in consent management platforms continues to play a prominent role in how every organization is perceived and, more importantly, in reducing risk and building trust with customers by keeping identities secure and private. Under US data privacy laws, businesses are responsible for safeguarding the personal information they store. However, while the California privacy law says businesses must implement “reasonable security measures” to safeguard data, severe breaches of user privacy have still occurred.

The Children’s Online Privacy Protection Act (COPPA) imposes certain requirements on operators of websites or online services directed to children under 13 years of age. In addition, the CCPA delivers an increase in the potential penalties that the California Attorney General can assess for breaches of the California state privacy law.

What happens if you fail to comply with CCPA? 

The CCPA delivers an increase in the potential fines and penalties the California Attorney General can assess against businesses that violate it. Civil penalties start at $2500 per violation for unintentional non-compliance, and intentional non-compliance can draw a penalty of $7500 per violation.

The CCPA states that if a company can remedy the violation within 30 days of being notified of it, it gets off with a warning. However, if the company can’t remedy the situation, it is subject to penalties.

The steps taken by California and other states pursuing their own privacy laws have the ultimate goal of setting privacy expectations for all Americans. The California Privacy Rights Act reflects the demand for regulation of technology companies.

We are entering a new era in which we have a greater opportunity to secure our private information, and ultimately our digital identities. Technology users need to recognize how this new law will affect them and prepare for more change. Further, the technologists who design and regulate such applications should advocate for responsible development in how data is handled.


In the United States, 45% of respondents to a user data survey from the leading security company RSA openly admitted that they had been victims of a data breach. With the increasing frequency of data breaches, consumers are more aware of their data: where it lives and who accesses it. At the same time, businesses are looking for new ways to collect, analyze and leverage user data for business purposes.

Under 15 U.S. Code 41 et seq., the Federal Trade Commission Act broadly authorizes the U.S. Federal Trade Commission (FTC) to take enforcement action to protect consumers against unfair or deceptive practices. Failure to comply with data protection law may lead to fines, lawsuits or other legal liabilities. Following Washington and Nevada, Virginia passed its Consumer Data Protection Act on March 2, 2021.

Data Protection Law

In 2020 alone, data breaches resulting from inadequate data protection measures exposed the sensitive data of over 150 million U.S. residents. In addition, Amazon’s Alexa listening to conversations and Google accessing healthcare information of millions without knowledge has alarmed the public.

In the absence of a comprehensive blanket solution like GDPR, states are now taking these issues into their own hands. In addition, the framework of federal data privacy law is shaping the nation’s future privacy landscape. While there are no comprehensive regulations that govern data privacy in the United States, there is a complex patchwork of data security and privacy laws that address financial, healthcare and telecommunication information.

How does the FTC adjust to the shifting regulatory landscape? 

The Federal Trade Commission (FTC) is an independent agency of the US government whose primary mission is to enforce civil US antitrust law and promote consumer protection. While the FTC has no explicit policies to regulate website privacy, it uses data privacy compliance and enforcement actions to protect consumers. The FTC takes action against a user or organization for breaching data privacy policies if:

  • A user or organization fails to implement reasonable data security measures.
  • A user or organization falls short of adhering to the self-regulatory principles of its industry.
  • A user or organization fails to honor the personal data or security representations made to consumers in its privacy policies.
  • A user or organization falls short of providing sufficient security for personal data or fails to follow its own data privacy policy.
  • A user or organization gives away personal information in a manner not disclosed in its privacy policies.
  • A user or organization breaches consumer data protection and privacy rights by monitoring, storing or sharing information.
  • A user or organization engages in other malpractice.

Many companies earlier relied on sharing raw consumer information or allowing others to query the unprocessed data files. However, the new regulations make it harder to obtain approval and consent or provide disclosure when needed.

Here is a list of Federal laws that administer the collection of information online: 

  • The Children’s Online Privacy Protection Act (COPPA) governs the collection of information about minors.
  • The Fair Credit Reporting Act (FCRA) regulates the collection and use of credit information.
  • The Health Insurance Portability and Accountability Act (HIPAA) governs health information.
  • The Gramm-Leach-Bliley Act (GLBA) governs personal data collected by banks and financial institutions.

Here’s a list of the important privacy legislation in the U.S.: 

Laws that are similar to CCPA include:

  • New York Privacy Act (S5642) 
  • Massachusetts Consumer Privacy Bills (S.120) 

Other privacy laws include: 

  • Vermont Act 171 Data Broker regulation 
  • Virginia’s Consumer Data Protection Act 

The United States has numerous sectoral online privacy laws in different states. In addition, U.S. state attorneys general oversee data privacy laws monitoring the storage of personal data of their residents and Social Security numbers. Some apply to governmental entities, and others apply only to private entities and some to both. 

Over the next decade, Europe’s May 2018 launch of the GDPR is expected to create a global ripple effect, driving more coherent data privacy regulations.

The California Consumer Privacy Act (CCPA) & The California Privacy Rights Act (CPRA)

The CCPA is the most prominent piece of U.S. legislation affecting digital privacy rights. Motivated by the GDPR, the act gives residents of California unprecedented transparency and access to the data accumulated by businesses. In addition, the law focuses on information that is released or sold to third parties, which distinguishes it from the GDPR.

In 2020, it was reinforced by a new, stricter act, the California Privacy Rights Act (CPRA). This act revises many concepts from the CCPA and introduces harsher penalties for non-compliance. In a suit filed by consumers, damages range from $100 to $750 per resident for breaches of personal data or theft of user information that was not properly protected. In a suit by the State Attorney General, penalties are $2500 per violation and $7,500 per intentional violation of privacy.

Massachusetts Consumer Privacy Bill (S.120)

This state is no stranger to data security and privacy breaches, with almost 2,000,000 residents reporting security infringements. The Massachusetts bill is akin to its California predecessor: they share the same scope and business obligations and put similar power in the hands of the people. Furthermore, this law prevents an array of online incidents and better protects user privacy.

Under the Massachusetts Consumer Privacy Bill (S.120), users can take legal action against a company if they violate the safety of their personal information. 

New York Privacy Act (S5642)

The New York Privacy Act shares various similarities with the CCPA, but several features make it significantly stricter. For example, this law allows private action against companies that breach the online privacy law. It also forbids sharing personal information with third parties without documented consent.

According to the New York Privacy Act, the victim can seek civil penalties up to $15,000 per Data Protection Law infringement. In addition, any user whose rights have been violated can recover damages or seek compensation of $1000.00. 

Virginia’s Consumer Data Protection Act (CDPA)

Virginia’s Consumer Data Protection Act offers Virginia residents more control over how companies use or sell their information. The CDPA is also referred to as an “opt-out law”, which means that consumers must take action to object to the collection of their data. The law applies to companies that control the data of at least 100,000 consumers during a calendar year, or that process the personal data of at least 25,000 consumers and sell personal data.

However, large corporations won’t be subject to this data privacy law if they don’t fall within these categories.

Vermont Act 171 Data broker Regulation

Vermont Act 171 regulates data brokers that gather consumer data and sell it to third parties. The regulation considers data to be brokered personal information (BPI) if it is digitally created and organized for distribution to businesses.

This privacy protection act holds businesses that plan to sell Vermont-sourced information to a standard of security.

There is no question that these data privacy regulations are drastically changing the way data-driven businesses operate. However, the barriers are not so tall that you cannot leap over them. Instead, we recommend that you understand how to tap into tools that support your business goals and consumer demand.

September 14, 2021

What is GDPR Compliance? 

Not everyone is aware of GDPR, especially when your organization resides outside the EU. However, GDPR is an essential term as it has ramifications for your agency’s security.  

The EU recognized a need to replace its previous data protection directive and came up with the GDPR, which stands for General Data Protection Regulation. The GDPR is considered the major data privacy regulation of the last 20 years.

With its new regulations, it hopes to give consumers control over their personal information. Consumers are in charge of their data. So they have control over who gathers and uses their data. They may easily block access to the person in charge if they don’t like how their data is utilized.

Breach of personal information is an offence and must be dealt with in the same way. Sorry is no longer a way out. Now people face harsh punishments and penalties for data privacy violations.

Transparency might feel overwhelming, but it is the right road for a better user/customer experience. 

How Will GDPR Ensure a Better Customer Experience?

Even though there have been mixed reviews about the GDPR, it is still a boon for every organization. Research shows that US organizations are the least trusted when it comes to ensuring their customers’ data privacy. GDPR compliance is an asset for overcoming that perception.

The Following Points Will Explain the Positive Points of GDPR (Including Non-Compliance Pitfalls and Overall GDPR Requirements).

1. The GDPR applies to organizations in every country, even those outside the EU.

The GDPR replaced the 1995 data protection directive in 2016 and was enforced by the EU Parliament from May 25, 2016. The GDPR therefore applies to organizations in other countries, even those not based in the EU.

Any organization that provides products or services to EU data subjects is subject to the GDPR.

2. GDPR compliance governs all the personal information of a customer.

All your data that is collected through any conceivable online platform is governed by the GDPR. It covers everything from your biometric data to your email address.

The following personal data comes under the GDPR:

  • Identity information collected by every website, such as name, address and email address.
  • Data like IP address, RFID tags, and cookie data.
  • Health data.
  • Ethnic data.
  • Political opinions.
  • Sexual orientation.

The GDPR also governs all your social media posts, pictures and tweets.

3. The GDPR provides a total of 8 basic rights to every user

Every customer has some basic rights towards their data, and every organization is obligated to respect those rights. 

  • The right to access:

Every consumer must have access to their personal information. In addition, they have the right to know how the organization is using their data. Therefore, always provide them with a copy of their data.

  • The right to be informed:

Customer’s consent is a must before gathering and processing their data.

  • The right to data portability:

Users can transfer their data from one service provider to another in a commonly used, machine-readable format.

  • The right to be forgotten:

All customers have the right to have their personal information withdrawn and erased whenever they want.

  • The right to object:

Consumers can object to the processing of their data. And as soon as they raise that red flag, all the procedures must stop.

  • The right to restrict processing:

It is wholly up to the customers if they want to carry forward the processing of their data. And if they want it to stop, it must stop.

  • The right to be notified:

If a user’s data is breached, they must be notified within 72 hours of you becoming aware of the breach.

  • The right to rectification:

Customers can update, complete and correct their data anytime they want.

4. A representative in the EU is a must if your organization is outside the European Union and processes EU residents’ personal data

The GDPR law suggests that to avoid non-compliance, every organization that does not fall under the European Union must designate a representative in the EU. Therefore, GDPR compliance is essential for easily processing customers’ data and bringing more traffic to your website from the European Union. In this way, your organization will be a part of the EU’s data protection companies.

5. There are major consequences of disregarding the GDPR law.

The GDPR requires transparency to ensure better customer service, and the data compliance regulation will enforce the same. However, some US organizations find it difficult to meet the GDPR requirements. The GDPR will spare no organization: those that fail to comply face serious penalties. Penalties can be as high as 4 percent of global turnover or 24.4 million dollars, whichever is greater.

6. The organizations are required to switch from “OPT-OUT” to “OPT-IN” mode to collect personal data.

The GDPR specifies that users’ permission must be asked before their personal data is collected, instead of assuming consent. This applies to every small detail about the customer. All organizations are required to protect all eight rights of the users. Transparency means asking for consent to collect the user’s data and deleting it at their request.

7. GDPR compliance requires every organization to clearly define their data protection policies and make them accessible

The GDPR compliance requirements ensure that no organization tries to be clever by burying its data protection policies in impenetrable legal language. All organizations are obligated to provide access to every detail of how they process personal data. You are accountable for your vendors’ privacy policies too, so it is best to be informed accordingly.

8. A time limit is set for notifying a customer about a breach of their personal data under the GDPR.

One of the most important GDPR facts is that you must notify the user about a breach of their personal data within 72 hours of learning about it. It is one of the major steps the GDPR requires of compliant companies. The more an organization ignores GDPR compliance, the greater the consequences it will face.

9. Under the GDPR, you are always answerable to the user about their personal data.

Every consumer has the right to ask questions about their personal data. Organizations are committed to providing, on request, information such as where the data was collected and how it is used. Users have the right to rectify their information whenever they want, and organizations are obligated to completely erase their data if the user invokes their “right to be forgotten”. This process of erasing the user’s data at their request is called erasure.

Beyond the obligations, several data protection act facts work in every company’s favour:

  • It leads to improved data management.
  • It provides an increased marketing ROI.
  • It enhances cybersecurity.
  • It builds a better trust relationship between the company and the user.

10. A Data Protection Officer is required to govern GDPR compliance

A Data Protection Officer is responsible for overseeing all the GDPR requirements. The major task is to oversee a company’s data protection strategy and monitor data storage and data transfer operations. In addition, the officer is responsible for educating and training employees on regulatory compliance, implementing policies to ensure GDPR compliance, responding to data subject access requests, and serving as the organization’s point of contact with GDPR Supervisory Authorities.

When is a company obligated to hire a Data Protection Officer?

  • Your company is responsible for public property and infrastructure.
  • Your company is conducting a large-scale, systematic user data monitoring project.
  • Your company handles a large amount of personal user information.

11. Your cloud-based storage must obey the General Data Protection Regulation

Many organizations have the misconception that their cloud-based storage is not covered by GDPR compliance, but that is not true. Like any other data storage provider, cloud platforms such as Microsoft Azure, Google Cloud, or Amazon Web Services are compelled to abide by GDPR requirements. A Data Protection Officer is helpful for this task.

12. Human rights are the topmost priority of GDPR compliance

The GDPR requirements are designed to safeguard consumers’ personal data, and they prioritize human rights over user experience. GDPR is a big, broad piece of legislation aimed at protecting consumers’ privacy and giving them control over their data. It poses various obstacles to all organizations, particularly those whose systems rely entirely on data processing.

Final Words:

GDPR law states that every consumer has the right to know who collects their personal data, when it is collected, and how it is processed. Transparency is the key to a better user experience. GDPR compliance is required of any organization that deals with residents of the European Union, whether it is a member of the EU or not. Users have the right to rectify and erase their information whenever they want. Under the GDPR, human rights always take priority over user experience.

September 14, 2021

COPPA is the abbreviation for the Children’s Online Privacy Protection Act. The bill, the U.S. law for protecting children’s online data, came into existence in 1998. It governs the way services and websites handle children’s data. The COPPA rule, enacted in 2000, dictates how the act must be followed. Online services and websites for children under the age of 13 need parental consent: before disclosing, collecting, or using user information, parental consent is required. The phrase ‘directed at children’ is crucial; it is the straightforward trigger for having to ask for parental consent.

This bill was passed in the early days of the Internet to protect kids’ privacy online. It applies to websites geared towards children. The bill leaves the door open for social media organizations to argue over which rules apply, yet even several social media companies agree that children lie about their age. The debate goes on and on. COPPA is decades old but is relevant now after the update to the bill.

Updates to the Bill

Rep. Kathy Castor (D-Fla.) did the honors by introducing the bill on Thursday. There have been amendments to the old law governing children’s privacy online. The renewal of the bill is an effort to draw attention to the issue from kids’ advocates and lawmakers. There are stringent rules around children’s online privacy: for non-compliance, the penalty is around $42,530 per violation per child, per day. Critics in recent years believe that the law hasn’t been enforced to its full extent. The Federal Trade Commission (FTC) keeps an eye on COPPA adherence, and many believe the agency must be strict with giant technology organizations that violate the law.

The new bill asks the FTC to set up a distinct division for youth privacy. Related to that, the FTC conducted a long investigation of Google’s video streaming site YouTube in 2019. The outcome was a $170 million settlement in response to the allegations; those who gathered data illegally had to pay.

Noteworthy Cases

For instance, fining a local bakery a million dollars would put it out of business. But if you fine Google a million dollars with a warning not to misbehave, they can pay it over and over again and won’t restructure a thing.

In September 2019, the most newsworthy case arose. The FTC settled with Google over allegations that YouTube profited by gathering children’s personal data; the charge was $170 million. After the largest settlement under COPPA to date, critics said it was weaksauce: the FTC pulled back the curtains but didn’t go far enough to set new rules for accountability. The FTC allowed Google to get off with a petty fine and a set of fresh requirements, which are not enough to make YouTube a healthy and secure place for kids. In the 22 years since COPPA became law, the FTC has invited comments on the bill three times: in 2005, in 2008, and most recently in 2010.

After many comments on the bill in 2010, the FTC revised it. The revision was meant to give parents and children more control over their privacy: information could not be gathered without consent. Among various other changes, it extended COPPA’s coverage to third parties.

COPPA is a well-made law but not well understood by many people. Linnette Attai spent 12 years working on privacy at Nickelodeon before founding PlayWell, a consultancy for students’ and children’s privacy. The issue is whether companies self-identify as a service geared towards children. This usually comes up with non-traditional children’s organizations that work as service providers: startups in the children’s space that struggle from time to time and therefore don’t understand the intent of the law. Instead, they put practices into place for better implementation.

In 2008, Tim Tobin (a Hogan Lovells attorney) represented SONY BMG when the FTC investigated it for COPPA violations. The case produced the largest settlement to date at that time, $1 million. He agreed that the terms establishing whether your website falls under the COPPA act are vital: not following the privacy rules becomes the basis for infringement. For this, the FTC outlines all the attributes that qualify a website in its FAQs. The checklist includes subject matter that features –

  • Visual content
  • Presence of child celebs
  • Music and other audio content

According to Tobin, there’s a thin line that must be drawn. For instance, if you’re into animation, you might create unique content and be unsure whether it’s child-focused or not. Sometimes it’s difficult to understand where the line has to be drawn, and there’s room for interpretation.

Websites and services often fail to recognize that they’re child-directed. It’s a pitfall companies fall into quite often. To avoid it, organizations must apply the ‘totality of circumstances’ test.

COPPA applies when you look, feel, smell and act as if you’ve created a website for kids under the age of 13. To address such consequences, updates to the bill were made. Organizations also run into legal trouble because they don’t monitor their third-party vendors; this is known as the ‘third-party footprint’.

Organizations are responsible for their own compliance. Privacy and security with due diligence are the main aim under COPPA. Under COPPA, there’s a standard called ‘actual knowledge’. You need to gain actual knowledge of your website: find out whether it’s directed towards children or gathering kids’ data, and who the intended audience is. When vendors don’t have actual knowledge, it becomes a liability. Under COPPA, you must be diligent, put controls in place, and make sure you follow the regulations.

Future of Children’s Online Privacy Protection Act (COPPA)

Looking ahead, COPPA will be amended again; it’s difficult to say when, where and how. As per recent public comments to the FTC, the current call is to change the age of children covered under COPPA from 13 years to 16 years. The change is the need of the hour.

The EU’s sweeping privacy law treats anyone under the age of 16 as a minor, and many say that’s the best approach for the U.S. as well; it’s the gold seal privacy law. Again, there have to be many changes from an FTC rulemaking perspective, and more changes at the margins are required. Federal legislation needs to broaden the age, among many other factors.

The industry has been calling for clear rules on privacy for many years now. It seems that the EU is about to take punitive measures against the U.S. for the failure to establish those rules. Recently, the EU invalidated Privacy Shield, the data mechanism for moving data from the EU to the U.S.; that’s the second such agreement invalidated by the EU. With the Democrats taking control, there’s an expectation of transformation, but a big undertaking is coming to help everyone get aligned with the Act.

The Children’s Online Privacy Protection Act is long overdue for improvements. It’s important to protect teens from deceptive online ads and digital manipulation, especially children who spend too much time online. Some social media companies tried to get ahead by asking for separate acts, saying that there must be stricter policies and limited online ads. YouTube Kids, Facebook’s Messenger Kids and Instagram’s products are still controversial.

Organizations are working on making these products and services safe for children. New policies for Instagram’s main photo-sharing app have been announced: new accounts of teens under the age of 16 will be private by default, and ad targeting will be limited for users under 18. But the rules are not enough for some lawmakers, because children are still addicted to newer technology. Regulators are also searching for a solution to online addiction among kids.

The future of COPPA will cover the following questions –

  • How does the development of business models harm children?
  • How does it affect the children’s privacy policy in future?
  • How does it change the way children and parents use online services?
  • How will the Act address parental consent for children?
  • How are third-party vendors going to gather information?
  • Were the modifications made before amended?
  • What more should the Act include?

Final Words

The right knowledge will save you from the consequences. Knowledge about the law and how to protect your data is important. Those gathering personal data of children under 13 years must be aware of it and make sure they create protection around that data.

September 3, 2021

Practical Information related to ROPA – Record of Processing Activities Creation

August 17, 2021

Secuvy, the leading Data Privacy and Security platform with integrations from over 200 Cloud Applications, Databases and Fileshares has joined the Privacy Stack! Here’s why Data Discovery is becoming fundamental for your Privacy Governance.

Unstructured Data’s Astonishing Growth

Back in 2012, IBM famously stated that 90% of the data in the world at that point had been created in the prior two years. And of course, it didn’t stop there! In May 2021, the World Economic Forum reported: ‘In 2018, the total amount of data created, captured, copied and consumed in the world was 33 zettabytes (ZB) – the equivalent of 33 trillion gigabytes. This grew to 59 ZB in 2020 and is predicted to reach a mind-boggling 175 ZB by 2025.’

This astonishing growth of data doesn’t look likely to slow down anytime soon. As much as 80-90% of it is unstructured data, meaning data not stored in tidy boxes. But given the sheer scale of data out there, even the 10-20% that is structured is still a huge amount of data.

Increased DSR Processing Efforts

GDPR massively increased the public’s awareness of their Data Subject Rights, or DSRs, including the right to know what is processed about them, obtain a copy, correct it and erase it. Similar laws around the world, including the California Consumer Privacy Act (CCPA), have added to the need for organisations to be able to respond appropriately to DSRs.

Just a few months after GDPR took effect in 2018, Deloitte’s report on GDPR and Financial Services stated that 60% of respondents had seen an increase in DSRs. DSRs accounted for over half of complaints to the UK ICO in 2019/20, with access requests (DSARs) by far the most common reason at 46% and complaints about the right to prevent processing accounting for another 8%.

It’s clear which type of request is received the most. According to the IAPP and FTI Consulting Privacy Governance Report 2020:

  • DSARs, when data subjects ask for access to their data, are received by 71% of organisations,
  • Erasure requests are received by 62%, and
  • the next categories are all grouped down at 26%, with
  • only 12% saying they received none.

As Robert Baugh, Keepabl’s Founder & CEO, states: “Secuvy’s Data Discovery is an excellent solution that lets you find an individual’s data in your data lake, and bring it all together to be able to appropriately respond to DSRs. What’s so exciting about Secuvy joining the Privacy Stack is that Vaibhav and team are such experts in their field and share our fanatical focus on the customer, believing that SaaS should be easy to use and customers should be up and running in minutes, not months. We really look forward to working closely together on opportunities to bring real value and stress-relief to our mutual customers.”

Vaibhav Mehrotra, Secuvy’s Co-Founder & CEO, notes: “We’re focussed on helping our customers solve their Privacy and Security issues, particularly given the exponential rise in the volume of structured and unstructured data that organisations have to crawl through to properly respond to Data Subject Rights in this high-risk environment. So we’re delighted to join the growing Privacy Stack, and we’re looking forward to working closely with Robert and the Keepabl team to solve even more Privacy issues for our mutual customers.”

About Secuvy

With ever-expanding data sprawl, Secuvy’s mission is to reduce the human effort, cost and error involved in handling sensitive data. The team hails from Salesforce, Zscaler, Qualys, TrustArc, McAfee and Plume Design and has built large-scale Cybersecurity & AI platforms for Global 500 organisations. Having encountered the lack of automated solutions to tackle Privacy problems, the team launched Secuvy so businesses can focus on their core priorities.

About Privacy Stack

According to Robert Baugh, CEO of Keepabl, the Privacy sector, kickstarted into life by GDPR in 2018, is 30 years behind Security as a practice and industry. Compared to Security, with its well-established roles and remits within an organisation and well-established categories of vendors and advisors, organisations are still trying to determine what help and resources they need to build out and maintain their Privacy compliance. Many are still looking for a kettle … that’s a fridge … that’s a toaster … that’s an oven!

That’s why Robert and team at Keepabl created the Privacy Stack! It’s a really helpful methodology for organisations to identify the services and solutions they need to consider for their Privacy compliance. And it’s a great way for us to identify leading solutions that address compliance in a simple, user-focused way.

June 29, 2021

Privacy and security are quickly becoming top concerns in ecommerce. Its growing popularity has attracted unwanted attention from cybercriminals. In fact, a study by Trustwave claims that the ecommerce industry was the second most targeted sector for cyberattacks in the past year.

Many malicious third parties are after the myriad of data found in your system. This includes customer personal information, bank and card details, and more, leaving both your consumers and your business vulnerable to fraud, scams, hacking, and identity theft. Your best protection from such attacks is proper knowledge of, and precaution against, the different types of threats in ecommerce.

With that, here are some ways data privacy will reshape ecommerce in the years to come.

1. Increase in privacy regulations

Different parts of the world are starting to take data privacy seriously. The European Union, for one, has introduced the General Data Protection Regulation (GDPR). Some parts of the U.S. have also adopted their own privacy regulations, like the California Consumer Privacy Act (CCPA).

As security breaches continue to rise, other countries are seeing the need to implement their own laws as well. Currently, over 25 states in the U.S. are in the process of refining and enacting their own consumer protection standards. In fact, 132 out of the 194 countries have already put in place legislation for the protection of data and privacy.

2. Rise of data portability

Data ownership and control often fall in the hands of businesses. However, more and more consumers are demanding that they, too, should have a say over their own data. As a result, the concept of data portability might soon become a reality in the next few years.

Through data portability, consumers can obtain and reuse their personal data for their own purposes across different services. In short, they have full control over their data. They can decide when, where, and how they will use it. Likewise, it gives them the power to delete and curate the data they give away. This shift in data ownership can change the way ecommerce businesses promote their brand, products, and services to their customers.

3. Demands for data transparency

Instances of ecommerce security breaches can strain the relationship between consumers and businesses. To gain back their trust, businesses must find a way to become more open and transparent about the data they collect and the kind of ecommerce security and privacy they can provide.

The demand for data transparency is rising, and some governments are even pushing for it in their privacy regulations. Consumers want to know what type of information they are sharing, how it is used by brands, and its impact on their privacy. If done correctly, businesses will gain not only their customers’ trust but their loyalty as well.

4. Tightened security in ecommerce platforms

Technological innovations are always around the corner. There is always something new in the ecommerce industry, such as new platforms, channels, and tools. It also means that more solutions to ecommerce threats will become accessible to online brands in the coming years.

Nowadays, there is a steady rise in smarter data protection solutions for ecommerce platforms. Privacy software solutions like Secuvy are powered by artificial intelligence for better data governance, risk assessment, classification, security and reporting.

Aside from solutions, many brands are also innovating their processes to protect their consumers’ privacy. For one, Apple offers an option to hide consumers’ personal email address whenever they create an account in an app or website.

5. Personalization will find a way

Data collection is essential in creating a personalized experience for your consumers. However, the emerging privacy standards across the world might make it more difficult for ecommerce companies to do so.

Nonetheless, many believe that personalization is here to stay in the coming years. While most regulations make it easier for consumers to opt out of having their data collected, it doesn’t mean that companies can no longer collect data at all. In fact, most markets will focus on improving personalization alongside data security and privacy. They can do this by leveraging data analytics software to better understand consumer behaviors and demands.

Securing the future of ecommerce

The threats to data security and privacy in ecommerce are not going away anytime soon, and your business needs protection from ecommerce threats. With each new technology and innovation, there are new ways for hackers to take advantage of loopholes in the digital space. It is high time you start prioritizing data security and privacy for both your consumers and your business.

As a business owner, you must be prepared for what the future might bring. New privacy laws are emerging, demanding that you provide better protection for your consumers. While these privacy laws might pose a challenge for your business when it comes to data collection and personalization, they might prove beneficial not only to your customers but to you as well.

January 4, 2021

Five Privacy trends to watch in 2021

December 30, 2020