In a recent Harvard Business Review article, “New Laws on Data Privacy and Security Are Coming. Is Your Company Ready?”, author Andrew Burt offers guidance for organizations juggling increasing privacy and security obligations and risks. Burt highlights the increase in legislation organizations should be mindful of, including California’s IoT law, Brazil’s data protection law, and India’s data protection law.
He offers several strategies for organizations to manage the current and coming risks and obligations.
- First, he suggests that organizations evaluate their current level of security and their processes for preventing privacy and security vulnerabilities, as well as the amount of time devoted to testing and maintaining software for risks. Doing so, he offers, will allow organizations to determine the amount of time and effort required to adequately secure systems.
- Second, he suggests that organizations embed security into the software design and deployment life cycle, and be able to demonstrate “that security and privacy controls are not simply an afterthought but are a core requirement in and of themselves.”
- Third, Burt suggests that organizations ensure that their privacy and security controls are proportional to “the volume and complexity of the code they seek to protect.”
See the full article here.