The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Is GDPR Understanding A Training/Awareness or Cultural Issue?

Read Article Here

Sometimes I read these statistical articles and the reaffirm my knowledge and experience, unfortunately, the attached is no exception. Training and awareness are still an issue with U.S. based employees. The fact that 84% of employees surveyed in the U.S. have never heard of GDPR, 90% unaware of the California Consumer Protection Act and 97% unaware of the Vermont’s data privacy law, although possibly understandable is of concern. Especially when approximately 65% said they deal with sensitive data daily. This comes as no real surprise as, in my opinion, most US based companies, despite their global nature, don’t really train employees on how to handle sensitive data.

If I think about it, I have had security awareness training, but I really don’t recall any specific privacy awareness training. Training on how to be aware of and handle data that comes into an organization. The fact that most companies are horrible at data classification supports this as well. I think it may be assumed that employees that receive annual cyber security awareness training will get both the cyber security and privacy aspects. But I believe this is just another case of losing site of the data… i.e. the information part of information security.

It is also interesting that in the attached article that 43% of the respondents in the U.S. felt that a technical solution was the answer, while only 4% of respondents in the UK felt technology was the answer. This too points to a cultural distinction as to how to people believe the challenges of cyber security and privacy can be solved. Say it with me…. technology cannot solve security’s problems because technology IS security’s problem!