This chapter offers a practitioner-focused guide to data privacy and cybersecurity. The chapter connects global legal requirements to operational controls and ethical stewardship standards. The chapter distills the core obligations of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) alongside sector and regional rules that emphasize consent, data minimization, purpose limitation, data-subject rights, vendor oversight, cross-border transfer controls, and timely breach notifications. Building on the Confidentiality–Integrity–Availability (CIA) model, the discussion translates policy into layered measures that can be used to combat data privacy and cybersecurity threats. Additionally, the chapter addresses high-impact threats, including malware, phishing/social engineering, distributed denial-of-service (DDoS), and insider risk, and shows how incident response playbooks, tabletop exercises, and resilient backup/recovery can be used to limit damage. The chapter also advocates for firm-level bias-aware training, pre-mortems, red flag teaming, and incentive alignment to reduce human-errors related to data privacy and cybersecurity. Frameworks such as NIST CSF, ISO 27001, and PCI DSS are presented. Risks associated with open-banking and API data sharing are discussed. Tools like robust authentication, authorization, and audit controls are presented. The chapter concludes with a practical model for embedding privacy-by-design and security-by-default systems into firm strategies and workflows to preserve client trust, ensure compliance, and improve operational resilience.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Data Privacy and Cybersecurity

  • Wookjae Heo,
  • John E. Grable

摘要

This chapter offers a practitioner-focused guide to data privacy and cybersecurity. The chapter connects global legal requirements to operational controls and ethical stewardship standards. The chapter distills the core obligations of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) alongside sector and regional rules that emphasize consent, data minimization, purpose limitation, data-subject rights, vendor oversight, cross-border transfer controls, and timely breach notifications. Building on the Confidentiality–Integrity–Availability (CIA) model, the discussion translates policy into layered measures that can be used to combat data privacy and cybersecurity threats. Additionally, the chapter addresses high-impact threats, including malware, phishing/social engineering, distributed denial-of-service (DDoS), and insider risk, and shows how incident response playbooks, tabletop exercises, and resilient backup/recovery can be used to limit damage. The chapter also advocates for firm-level bias-aware training, pre-mortems, red flag teaming, and incentive alignment to reduce human-errors related to data privacy and cybersecurity. Frameworks such as NIST CSF, ISO 27001, and PCI DSS are presented. Risks associated with open-banking and API data sharing are discussed. Tools like robust authentication, authorization, and audit controls are presented. The chapter concludes with a practical model for embedding privacy-by-design and security-by-default systems into firm strategies and workflows to preserve client trust, ensure compliance, and improve operational resilience.