BSU Security Smart, Spring 2018

Issue link: http://bsuit.uberflip.com/i/977253

SPRING 2018 SECURITY SMART 2. For more information on staying safe online here at BSU or at home, contact security@bridgew.edu.

GDPR Is Coming 5/25. Are You Ready?

The European Union's General Data Protection Regulation (GDPR) goes into effect on May 25. Here's what you need to know about it.

What is the GDPR?

GDPR requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Noncompliance will be costly: fines can reach up to €20 million (about $24.6 million) or 4 percent of a company's global annual revenue for the preceding financial year, whichever is greater.

"GDPR is about forcing organizations that have the personal data of Europeans to treat that data in a reasonable manner and to be good custodians of that data. It's about making sure the way they use that data aligns with the expectations of European citizens," says Crispen Maung, vice president of compliance at cloud file sharing service Box.

Which companies will be affected?

Any organization established in the EU; established outside of the EU, but targeting goods or services at data subjects in the EU; and established outside of the EU, but monitoring the behavior of individuals in the EU.

"GDPR applies to potentially every company in the world if they gather personal data of EU residents," says Peter Tsai, senior technology analyst with IT professional network Spiceworks. "Any company that does any sort of business in Europe or with European citizens really needs to pay attention to this."

What types of data does it protect?

■ Basic identity information such as name, address and ID numbers
■ Web data such as location, IP address, cookie data and RFID tags
■ Health and genetic data
■ Biometric data
■ Racial or ethnic data
■ Political opinions
■ Sexual orientation

If my company has to comply with GDPR, how will my work be affected?

That depends on your role within your organization. The GDPR defines several roles that are responsible for ensuring compliance: data controller, data processor and the data protection officer (DPO).

The data controller defines how personal data is processed and the purposes for which it is processed. The controller is also responsible for making sure that outside contractors comply.

Data processors may be the internal groups that maintain and process personal data records or any outsourcing firm that performs all or part of those activities. The GDPR holds processors liable for breaches or noncompliance.

The GDPR requires the controller and the processor to designate a DPO to oversee data security strategy and GDPR compliance. Companies are required to have a DPO if they process or store large amounts of EU citizen data, process or store special personal data, regularly monitor data subjects or are a public authority. Some public entities such as law enforcement may be exempt from the DPO requirement.

If you're not sure whether your work intersects with GDPR rules, ask your supervisor or your IT department.

Here's One Security Product You Don't Need

Radio Frequency Identification (RFID) is a short-distance electromagnetic method for transmitting small bits of data. It's used for authentication, passports, identification cards and credit cards, and that latter use in particular has driven a billion-dollar industry offering specially designed RFID-blocking accessories such as wallets, sleeves, and other products.

The issue isn't that these products don't work; it's that they're a solution to a problem that doesn't exist. RFID-related crime just doesn't happen.

RFID-enabled credit cards, which are especially popular outside of the United States, wirelessly transmit personal information from a card held a few inches away from an RFID reader to complete a financial transaction. As these credit cards gained popularity, researchers began demonstrating how easy it is to intercept RFID-enabled credit cards. And it's true, some RFID-enabled credit cards can be hacked.

The RFID-blocking vendors will try to overwhelm you with technical terms and specifications, including frequencies and antenna sizes. In reality, aluminum foil works to block them all.

Computer security expert and columnist Roger Grimes says RFID-protecting accessories are security snake oil.

Do the "official" RFID wallets and other accessories work? Yes and no. Some have been shown to be less reliable than aluminum foil. But even if the RFID-blocking products work, the fact remains that not one crime involving an RFID-enabled device has been reported in the public domain. It's not that it can't be done. But there is a huge gulf in the world of threats and risks between what can be done and what is likely to be done. And so far, based on over a decade of evidence, RFID-related crime appears not only very unlikely, but nonexistent.
