As many of our readers who serve on their organizations’ risk management teams work on their 2012 disaster preparedness plans and risk mitigation strategies, information security and privacy will remain high on their lists of considerations.
A recent article by Richard L. Santalesa attempted to address these concerns by listing several events predicted to occur across the privacy and data security landscape in 2012.
A quick summary of just some of those predicted events is as follows:
There will most likely be a significant revamp of the EU’s Data Protection Regulations – e.g. a potential requirement to designate a privacy officer within an organization, increased enforcement powers and penalties, and perhaps stronger protection for children under 18.
Perhaps the final version of the U.S. HIPAA breach notification rule will make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act.
In 2012, the FTC will likely release its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Better development of information security and data protection language in contracting agreements for cloud services will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
Continued data breach activity in 2012 will force many organizations to review their existing insurance policies to see what is and what is not covered in their business interruption insurance policies.
A growing importance in 2012 of key buzzwords that implicate data security and privacy issues, such as BYOD (“Bring Your Own Device”) and COIT (“Consumerization of Information Technology”).
Click here to view more about the predictions listed above as well as to read the full collection of Christine Marciano’s predictions of data security and privacy related activities to occur in 2012.
If applicable, please pass this information along to your other risk management or information security team members.