Congratulations – You survived the GDPR email avalanche

By James E. Lee

Complying with the new rules is much more complicated than that

It seems there has always been a fundamental disconnect between how the United States and the European Union view privacy and data security. The newly enforceable EU General Data Protection Regulation (GDPR) and its opt-in email rule are forcing a reckoning that could fundamentally change how data is collected, used, and protected around the globe.

Fundamentally different approaches

In the US, privacy and security are largely treated as two separate issues. While privacy is a right rooted in the First Amendment to the US Constitution, it is subject to change by judicial interpretation or further amendment. The last comprehensive data protection law the US Congress passed was 32 years ago – the Computer Fraud and Abuse Act of 1986. Since then, new legislation has been more indirect – where improved data security was implied, not mandated, or left to the states to address.

In the European Union, privacy is considered a Human Right and data security an integral element of privacy.

Concepts like the “Right to be Forgotten” and “Privacy by Design” are bedrock beliefs in the EU that simply do not exist in the US (and many other parts of the world), creating a near constant conflict between the US government, the US private sector, and EU regulators.

It’s all about the data

US companies make billions of dollars collecting and selling consumer data with few requirements to obtain permission or share what information is collected and stored. On the other hand, EU companies are severely restricted in what information they can collect and how it can be used. The data is still considered to be the consumers’ information. In the US, the information is owned by the company that collects the data.

When the original EU Privacy Directive, adopted in 1995, failed to be the catalyst for companies to protect privacy and data, the European Parliament adopted the General Data Protection Regulation (GDPR) – an EU law that is binding on all member states. (The United Kingdom has already passed legislation that enshrines the GDPR and will survive the so-called Brexit.)

Adopted in 2016, and enforceable as of 25 May 2018, the GDPR is a wide-ranging law. Most of the attention and compliance effort, though, has focused on only two areas: the requirement to give EU residents control over their information, and the potential for significant fines.

The former resulted in inboxes filled to capacity prior to the deadline with mandatory opt-in emails in the EU or updated privacy policies outside the EU.  The latter has business leaders holding their collective breaths waiting to see who becomes the first organization worthy of fines of up to 20 million EUR or 4% of global sales, whichever is greater (!).

(As an aside, we may find out sooner rather than later. Lawsuits were immediately filed the day the GDPR was enforceable against major tech companies including Google and Facebook alleging their efforts fall short of GDPR compliance.)

Marketing databases have been cleansed and privacy policies have been updated.  The heavy lifting to comply with the GDPR is over, right?  Not by a long-shot.  Arguably, the real work is only starting.

More than just Opt-in

Chapter Four, Article 32 of the GDPR requires organizations subject to the law to take “appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”

The terms being used to describe this requirement are “Privacy by Design” and “Security by Default.” In other words, privacy protection must be considered from the very beginning of the product development cycle and data security must be embedded in every product, process, and service.

Let’s not forget about those big fines for violating the GDPR.  Enforcement actions are based on a company’s failure to comply, not just when a breach occurs as is usually the case in the US.  “Failing to ensure a level of security appropriate to the risk” can take many forms, but we already know of one threat that is particularly problematic for software dependent businesses:  failure to patch known software flaws on a timely basis.

One vulnerability management vendor claims that 86% of high severity flaws go unpatched for 30 days or more in web applications. Oracle executives, whose company offers the world’s most popular software development language, say their customers lag in patching by months if not years.

That was the state of play in early 2018 when the United Kingdom’s Information Commissioner’s Office (ICO) issued a fine against Carphone Warehouse for a breach, citing a “seriously inadequate” patching program.  The ICO also issued additional guidance:

“Under the General Data Protection Regulation taking effect from May 25 this year, there may be some circumstances where organizations could be held liable for a breach of security that relates to measures, such as patches, that should have been taken previously.”

That’s an enormous task. With an estimated 111 billion new lines of code written each year and the US National Vulnerability Database growing at an average rate of one new software flaw reported every 30 minutes, there simply is not enough time or fingers-on-keyboards to fix known software flaws before hackers can exploit the bugs.  New technologies like real-time patching where software code is fixed on the fly without downtime or expensive, time consuming source code changes are proven to offer better, faster, cheaper protection for organizations of all sizes.

One other area where organizations are likely to struggle is the 72-hour reporting provision in the event of a breach. While it takes attackers less than a week on average to penetrate organizations and begin to extract consumer data, it takes the targeted company more than six months to learn they’ve been attacked. It can take another three months to stop the attack and fix the problem, according to research from the Ponemon Institute.

Even the most sophisticated organizations with cutting edge protections struggle with rapidly detecting and assessing the depth and breadth of an attack. The information initially gathered almost always needs to be updated as cybersecurity experts learn more about what happened. Think of all the cybersecurity attacks that turned out to be worse than first reported.

Yet, the GDPR requires company officials to alert regulators within 72 hours of any data breach that could cause harm to a consumer. Rapid patching of known software flaws can be addressed with new technology. Rapidly informing government regulators will require significant adjustments to company cultures and behaviors. Think of the companies that paid hackers rather than fess up, or only reported a breach months or years later. Doing so within hours requires a seismic shift in attitude and approach.

What next?

While companies subject to GDPR work through the rest of the compliance requirements, the ripple effect is in full force.  The New York Department of Financial Services has already adopted the 72-hour reporting rule and annual risk assessments to name two GDPR concepts. California is considering the strictest privacy and data security law in the US, including the potential for payments of $1000 to each consumer impacted by a breach.

Like the laws and regulations that came before them, some organizations will embrace them willingly and some will fight them vigorously. Ultimately, though, regulations can only create an environment for improvement. They do not improve privacy or security. People and technology do.

James E. Lee is the Executive Vice President of Waratek, a leading application security company. He is also the former Chair of the US-based Identity Theft Resource Center and an executive at ChoicePoint, the first US company to issue a nationwide data breach notice in 2005.

Airbus CEO urges trade war ceasefire, easing of COVID travel bans

By Tim Hepher

PARIS (Reuters) – The head of European planemaker Airbus called on Saturday for a “ceasefire” in a transatlantic trade war over aircraft subsidies, saying tit-for-tat tariffs on planes and other goods had aggravated damage from the COVID-19 crisis.

Washington progressively imposed import duties of 15% on Airbus jets from 2019 after a prolonged dispute at the World Trade Organization, and the EU responded with matching tariffs on Boeing jets a year later. Wine, whisky and other goods are also affected.

“This dispute, which is now an old dispute, has put us in a lose-lose situation,” Airbus Chief Executive Guillaume Faury said in a radio interview.

“We have ended up in a situation where wisdom would normally dictate that we have a ceasefire and resolve this conflict,” he told France Inter.

Boeing was not immediately available for comment.

Brazil, which has waged separate battles with Canada over subsidies for smaller regional jets, on Thursday dropped its own complaint against Ottawa and called for a global peace deal between producing nations on support for aerospace.

Faury said the dispute with Boeing was particularly damaging during the COVID-19 pandemic, which has badly hit air travel and led to travel restrictions or border closures. He expressed particular concern about widening bans within Europe.

“We are extremely frustrated by the barriers that restrict personal movement and it is almost impossible today to travel in Europe by plane, even domestically,” he said.

“The priority no. 1 for countries in general is to reopen frontiers and allow people to travel on the basis of tests and then eventually vaccinations.”

The comments come as businesses increase pressure on governments to reopen economies as coronavirus vaccine roll-outs gather pace across Europe.

France has defended recently introduced border restrictions, saying they will help the government avoid a new lockdown and stay in force until at least the end of February.

Germany installed border controls with the Czech Republic and Austria last Sunday, drawing protest from Austria and concerns about supply-chain disruptions.

Berlin calls the move a temporary measure of last resort.

Poland said on Saturday it had not ruled out imposing restrictions at the country’s borders with Slovakia and the Czech Republic due to rising COVID-19 cases.

(Reporting by Tim Hepher; Editing by Kirsten Donovan)

Why a predictable cold snap crippled the Texas power grid

By Tim McLaughlin and Stephanie Kelly

(Reuters) – As Texans cranked up their heaters early Monday to combat plunging temperatures, a record surge of electricity demand set off a disastrous chain reaction in the state’s power grid.

Wind turbines in the state’s northern Panhandle locked up. Natural gas plants shut down when frozen pipes and components shut off fuel flow. A South Texas nuclear reactor went dark after a five-foot section of uninsulated pipe seized up. Power outages quickly spread statewide – leaving millions shivering in their homes for days, with deadly consequences.

It could have been far worse: Before dawn on Monday, the state’s grid operator was “seconds and minutes” away from an uncontrolled blackout for its 26 million customers, its CEO has said. Such a collapse occurs when operators lose the ability to manage the crisis through rolling blackouts; in such cases, it can take weeks or months to fully restore power to customers.

Monday was one of the state’s coldest days in more than a century – but the unprecedented power crisis was hardly unpredictable after Texas had experienced a similar, though less severe, disruption during a 2011 cold snap. Still, Texas power producers failed to adequately winter-proof their systems. And the state’s grid operator underestimated its need for reserve power capacity before the crisis, then moved too slowly to tell utilities to institute rolling blackouts to protect against a grid meltdown, energy analysts, traders and economists said.

Early signs of trouble came long before the forced outages. Two days earlier, for example, the grid suddenly lost 539 megawatts (MW) of power, or enough electricity for nearly 108,000 homes, according to operational messages disclosed by the state’s primary grid operator, the Electric Reliability Council of Texas (ERCOT).

The crisis stemmed from a unique confluence of weaknesses in the state’s power system.

Texas is the only state in the continental United States with an independent and isolated grid. That allows the state to avoid federal regulation – but also severely limits its ability to draw emergency power from other grids. ERCOT also operates the only major U.S. grid that does not have a capacity market – a system that provides payments to operators to be on standby to supply power during severe weather events.

After more than 3 million ERCOT customers lost power in a February 2011 freeze, federal regulators recommended that ERCOT prepare for winter with the same urgency as it does the peak summer season. They also said that, while ERCOT’s reserve power capacity looked good on paper, it did not take into account that many generation units could get knocked offline by freezing weather.

“There were prior severe cold weather events in the Southwest in 1983, 1989, 2003, 2006, 2008, and 2010,” Federal Energy Regulatory Commission and North American Electric Reliability Corp staff summarized after investigating the state’s 2011 rolling blackouts. “Extensive generator failures overwhelmed ERCOT’s reserves, which eventually dropped below the level of safe operation.”

ERCOT spokeswoman Leslie Sopko did not comment in detail about the causes of the power crisis but said the grid’s leadership plans to re-evaluate the assumptions that go into its forecasts.

The freeze was easy to see coming, said Jay Apt, co-director of the Carnegie Mellon Electricity Industry Center.

“When I read that this was a black-swan event, I just have to wonder whether the folks who are saying that have been in this business long enough that they forgot everything, or just came into it,” Apt said. “People need to recognize that this sort of weather is pretty common.”

This week’s cold snap left 4.5 million ERCOT customers without power. More than 14.5 million Texans endured a related water-supply crisis as pipes froze and burst. About 65,000 customers remained without power as of Saturday afternoon, even as temperatures started to rise, according to website PowerOutage.US.

State health officials have linked more than two dozen deaths to the power crisis. Some died from hypothermia or possible carbon monoxide poisoning caused by portable generators running in basements and garages without enough ventilation. Officials say they suspect the death count will rise as more bodies are discovered.

THIN POWER RESERVE

In the central Texas city of Austin, the state capital, the minimum February temperature usually falls between 42 and 48 degrees Fahrenheit (5 to 9 degrees Celsius). This past week, temperatures fell as low as 6 degrees Fahrenheit (-14 degrees Celsius).

In November, ERCOT assured that the grid was prepared to handle such a dire scenario.

“We studied a range of potential risks under both normal and extreme conditions, and believe there is sufficient generation to adequately serve our customers,” said ERCOT’s manager of resource adequacy, Pete Warnken, in a report that month.

Warnken could not be reached for comment on Saturday.

Under normal winter conditions, ERCOT forecast it would have about 16,200 MW of power reserves. But under extreme conditions, it predicted a reserve cushion of only about 1,350 MW. That assumed only 23,500 MW of generation outages. During the peak of this week’s crisis, more than 30,000 MW was forced off the grid.

Other U.S. grid operators maintain a capacity market to supply extra power in extreme conditions – paying operators on an ongoing basis, whether they produce power or not. Capacity market auctions determine, three years in advance, the price that power generators receive in exchange for being on emergency standby.

Instead, ERCOT relies on a wholesale electricity market, where free market pricing provides incentives for generators to provide daily power and to make investments to ensure reliability in peak periods, according to economists. The system relied on the theory that power plants should make high profits when energy demand and prices soar – providing them ample money to make investments in, for example, winterization. The Texas legislature restructured the state’s electric market in 1999.

LOOMING CRISIS

Since 2010, ERCOT’s reserve margin – the buffer between generation capacity versus forecasted demand – has dropped to about 10% from about 20%. This has put pressure on generators during demand spikes, making the grid less flexible, according to North American Electric Reliability Corporation (NERC), a nonprofit regulator.

That thin margin for error set off alarms early Monday morning among energy traders and analysts as they watched a sudden drop in the electrical frequency of the Texas grid. One analyst compared it to watching the pulse of a hospital patient drop to life-threatening levels.

Too much of a drop is catastrophic because it would trigger automatic relay switches to disconnect power sources from the grid, setting off uncontrolled blackouts statewide. Dan Jones, an energy analyst at Monterey LLC, watched from his home office in Delaware as the grid’s frequency dropped quickly toward the point that would trigger the automatic shutdowns.

“If you’re not in control, and you are letting the equipment do it, that’s just chaos,” Jones said.

By Sunday afternoon about 3:15 p.m. (CST), ERCOT’s control room signaled it had run out of options to boost electric generation to match the soaring demand. Operators issued a warning that there was “no market solution” for the projected shortage, according to control room messages published by ERCOT on its website.

Adam Sinn, president of Houston-based energy trading firm Aspire Commodities, said ERCOT waited far too long to start telling utilities to cut customers’ power to guard against a grid meltdown. The problems, he said, were readily apparent several days before Monday.

“ERCOT was letting the system get weaker and weaker and weaker,” Sinn said in an interview. “I was thinking: Holy shit, what is this grid operator doing? He has to cut load.”

Sinn said he started texting his friends on Sunday night, warning them to expect widespread outages.

‘SECONDS AND MINUTES’

Early Monday morning, one of the largest sources of electricity in the state – the unit 1 reactor at the South Texas Nuclear Generating Station – stopped producing power after the small section of pipe froze in temperatures that averaged 17 degrees Fahrenheit (9 degrees Celsius). The grid lost access to 1,350 MW of nuclear power – enough to power about 270,000 homes – after automatic sensors detected the frozen pipe and protectively shut down the reactor, said Victor Dricks, a spokesman for the U.S. Nuclear Regulatory Commission.

About 2:30 a.m. (CST), the South Plains Electric Cooperative in Lubbock said it received a phone call from ERCOT to cut power to its customers. Inside the ERCOT control room, staff members scrambled to call utilities and cooperatives statewide to tell them to do the same, according to operational messages disclosed by the grid operator.

Three days later, ERCOT Chief Executive Bill Magness acknowledged that the grid operator had only narrowly avoided the calamity of uncontrolled blackouts.

“If we hadn’t taken action,” he said on Thursday, “it was seconds and minutes (away), given the amount of generation that was coming off the system at the same time that the demand was still going up.”

(Reporting by Tim McLaughlin and Stephanie Kelly; additional reporting by Nichola Groom; editing by Simon Webb and Brian Thevenot)

UK could declare Brexit ‘water wars’ – The Telegraph

(Reuters) – Britain could restrict imports of European mineral water and several food products under retaliatory measures being considered by ministers over Brussels’ refusal to end its blockade on British shellfish, the Telegraph reported.

Senior government sources pointed to potential restrictions on the importing of mineral water and seed potatoes, the report said.

(Reporting by Maria Ponnezhath in Bengaluru; Editing by Daniel Wallis)
