In this episode of the SecurityANGLE, guest host Jo Peterson, member of theCUBE Collective community of independent analysts, is joined by Chuck Brooks, president of Brooks Consulting. In addition to his strategic consulting work, Brooks is also an adjunct professor at Georgetown University, where he teaches courses on risk management, homeland security, and cybersecurity, as well as a certificate course he designed on blockchain technologies for a conversation about cybersecurity regulation in 2024 and what's happening in that realm.
The conversation reflected on the events of 2023 around cybersecurity regulation including:
Legislative developments we expect to see moving forward as it relates to the regulation of privacy and data security
Discussion on whether we expect to see an increase in civil litigation around data privacy
Trends that pertain to government data collection
Comparison of the US's Executive Order on AI versus the EU AI Act, and how they differ
Thoughts on national regulation of data privacy in the US
US cybersecurity disclosure rules for public companies
Washington state's My Health, My Data Act and how this has modified the legal landscape, creating data privacy requirements focuses on personal health data for Washignton-based entities and whether we expect more states to follow suit on this
We also explored data minimization and shared what we believe every CISO needs to know about the obligations comprehensive state privacy laws impose on data controllers, who are entities that determine the means and purposes of processing personal consumer data. These obligations include things like data minimization, setting purpose limitations, requiring the maintenance of privacy policies, the requirement of maintaining reasonable administrative, having technical and physical data security controls in place, and contractually requiring processors of personal data or service providers to provide with the applicable law