This article was sponsored by Comcast and reviewed before publication.
How safe is your data?
For the third year in a row, the Security by the Schuylkill conference aims to inspire, inform and engage security engineers and professionals working to upgrade the data security and privacy sector.
The event kicks off Comcast Labs Connect’s annual conference series, which covers topics and trends across current and future technology. By design, the forum seeks to educate and foster collaboration across the tech community.
At this year’s Security by the Schuylkill in Philadelphia on April 16, come prepared to learn from and share ideas with members of the data security and privacy community, as well as dive into innovative new protections, best practices and topics that are dominating the headlines in an immersive, all-day event.
Taking the stage as keynote speaker will be Christin McMeley, senior VP and chief privacy and legal information security officer at Comcast. McMeley has provided legal counsel and support for all aspects of privacy and information security, including coordination with government affairs and regulatory teams to navigate new state privacy and information security laws and regulations.
We sat down with McMeley to get her perspective on themes that make this event a can’t-miss experience.
What are some of the most critical issues facing data security today?
There are so many, it is sometimes hard to prioritize. We live in an era where businesses and consumers transmit massive amounts of data that fuels the products and services that make our lives easier, but that needs to be secured in order to prevent fraud, identity theft and worse. We also live in an era where our investors and consumers themselves expect businesses to move fast, adapt products quickly and offer more conveniences to consumers.
These two dynamics don’t often complement each other, as we see with the never-ending announcements of privacy and security breaches. This is why it is imperative for businesses to think about how to build privacy and security into the products by doing things like employing secure coding practices, building options for multi-factor authentication, and asking questions about whether the scope of data collected is necessary and whether information can be de-identified or pseudonymized to reduce risk. And testing! Not just when the product is launched, but any time there are updates.
What changes in the data privacy and security landscape are essential for professionals to have awareness of?
I think by now most people are aware of the EU’s comprehensive privacy law, the General Data Privacy Regulation (GDPR), which went into effect almost a year ago, as well as the California Consumer Privacy Act (CCPA) that was signed into law last June and must be operationalized by January 1, 2020.
What people might not be aware of is that more than 100 privacy bills have been introduced in various states this year and we do expect some other states to adopt laws similar to GDPR and CCPA. The federal government is also considering comprehensive privacy legislation.
These laws (and the proposed laws) are not exactly the same, but they do share some common themes. For example, they look at privacy as a fundamental human right and give consumers the right to access the information businesses collect and maintain about them, the right to request deletion of that information, and the right to make choices about how their information is used and disclosed — amongst other things. This requires businesses to have strong data governance programs — they have to know where consumer data is within their systems, be able to access and delete it, and understand the purposes for which it is being used and shared.
Some of these laws will also require privacy impact assessments or privacy risk assessments, where businesses must evaluate how they are using the data, what the potential privacy risks are, and document the controls in place to prevent privacy harms.
How can professionals interested in privacy and information security continue to stay on top of regulatory laws and best practices? What resources are most influential?
If you have legal and government affairs support within your organization, those are your best sources of updates. I rely on our government affairs team to tell me what bills I need to pay attention to, and then I work with our business teams to assess what the operational impacts will be.
If you don’t have those internal resources, industry trade groups are a great resource, along with the International Association of Privacy Professionals, which has a great site and reports on privacy and data security issues worldwide. In the U.S., the National Conference of State Legislators also does a good job of tracking state legislative efforts.
To see how regulators are thinking about security, the Federal Trade Commission and the California Attorney General provide guidance on what they consider to be “reasonable security” practices and also list the enforcement actions they have taken against companies and what the outcome was.
That, folks, is just a taste of the security intelligence you’ll be able to soak up at the event.
Here’s what else you can expect to get out of the conference:
- Gain valuable insights and knowledge on emerging data privacy laws
- Discover new approaches, trends and latest advancements in cybersecurity
- Interact with industry colleagues, educational and thought leaders
6 tips for women business owners attending the WBENC National Conference and Business Fair
Gov. Hogan creates CISO position for State of Maryland
Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore
Building a data acquisition system? Don’t make this mistake
6 takeaways on the future of data privacy
NYT: Tool used in cyber attack on City of Baltimore was developed at Maryland-based NSA
Mayor: City of Baltimore will have to rebuild some IT systems to recover from cyber attack
How SmartLogic accelerated these startups’ product growth trajectories
Sign-up for daily news updates from Technical.ly Baltimore