Broadband, disclosures, and the third anniversary of GDPR

In the US, Sen. Ron Wyden is calling for Treasury to expand the investment from the American Rescue Plan to focus on communities without access to 100 Mbps upload and download, beyond the definition of “unserved” or “underserved” communities. The call is to expand the definition from 25 Mbps down and 3 Mbps up to 100 Mbps up and down.

In Europe, with the third anniversary of privacy law GDPR today, there are some studies on the impact. The fear of group legal settlements following a serious data breach haunts 90% of security leaders, while 85% are more concerned about the threat of regulatory fines, according to an Egress report. It’s a real threat: 47% of consumers said they would consider joining a class action lawsuit against an organization that leaked their personal data, and 67% were aware of their rights to take legal action under GDPR. Egress found that 91% of security leaders said they were turning to specialist insurance providers to cover them against cyber incidents and data breaches, or had already upgraded existing policies since GDPR came in.

This is supported by some data from Splunk, indicating 84% of global organizations have suffered a serious security incident over the past two years, and 78% are concerned about more sophisticated supply chain attacks coming in the future.  

The Australian government is also considering mandatory reporting for cybercrime incidents. This is according to the Home Affairs head, who indicated it is considered “an extension of the cyber security strategy” released last year.

Why do we care?

Europe is important to watch as governments there are leading the way on privacy-related legislation. To get a sense of what things may look like in the future, look to Europe. As I’ve spoken a lot about accountability and incentives lately, when there are guard rails that keep organizations within the bounds, those leaders take the guidance a lot more seriously.

Insurance alone isn’t the answer – but when you couple that with the personal and corporate responsibility imposed by a law like GDPR… from my vantage point, we’re at least seeing somewhat different outcomes.      

Change the incentives, change the outcomes.   But to do that… IT services companies need to ask harder questions about the incentives of those they work with.