Privacy, Regulations, and Cybersecurity
Description
Protect business value, stay compliant with global regulations, and meet stakeholder demands with this privacy how-to
Privacy, Regulations, and Cybersecurity: The Essential Business Guide is your guide to understanding what “privacy” really means in a corporate environment: how privacy is different from cybersecurity, why privacy is essential for your business, and how to build privacy protections into your overall cybersecurity plan.
First, author Chris Moschovitis walks you through our evolving definitions of privacy, from the ancient world all the way to the General Law on Data Protection (GDPR). He then explains—in friendly, accessible language—how to orient your preexisting cybersecurity program toward privacy, and how to make sure your systems are compliant with current regulations.
This book—a sequel to Moschovitis’ well-received Cybersecurity Program Development for Business—explains which regulations apply in which regions, how they relate to the end goal of privacy, and how to build privacy into both new and existing cybersecurity programs. Keeping up with swiftly changing technology and business landscapes is no easy task. Moschovitis provides down-to-earth, actionable advice on how to avoid dangerous privacy leaks and protect your valuable data assets.
- Learn how to design your cybersecurity program with privacy in mind
- Apply lessons from the GDPR and other landmark laws
- Remain compliant and even get ahead of the curve, as privacy grows from a buzzword to a business must
- Learn how to protect what’s of value to your company and your stakeholders, regardless of business size or industry
- Understand privacy regulations from a business standpoint, including which regulations apply and what they require
- Think through what privacy protections will mean in the post-COVID environment
Whether you’re new to cybersecurity or already have the fundamentals, this book will help you design and build a privacy-centric, regulation-compliant cybersecurity program.
Foreword
Preface
About the Author
Acknowledgments
Part One—Privacy
Chapter 1 Understanding Privacy
Chapter 2 A (Very) Brief History of Privacy
Chapter 3 The Legal Case for Privacy (the Finer Print)
Part Two—Regulations
Chapter 4 Introduction to Regulations
Chapter 5 North American Regulations
Chapter 6 European Regulations
Chapter 7 Asia-Pacific Regulations
Chapter 8 African Regulations
Chapter 9 South American Regulations
Part Three—Privacy and Cybersecurity
Chapter 10 Introduction to Cybersecurity
Chapter 11 A Cybersecurity Primer
Chapter 12 Privacy-Centric Cybersecurity Program Overview
Chapter 13 Privacy by Design Overview
Chapter 14 Cover Your Assets!
Chapter 15 Threat Assessment
Chapter 16 Vulnerabilities
Chapter 17 Environments
Chapter 18 Controls
Chapter 19 Incident Response
Chapter 20 Welcome to the Future! Now, Go Home!
Bibliography
Index
CHRIS MOSCHOVITIS, CSXF, CISM, CGEIT, CDPSE, is the founder and CEO of tmg-emedia, an award-winning technology consultancy established in 1989 in New York, serving clients worldwide. He is a prolific author and speaker, sought after for his ability to explain complex IT and cybersecurity topics in plain, actionable language. He is a member of IAPP, ISACA, and ISSA, as well as a member of the SUNY College at Brockport Foundation Board and One In Tech, an ISACA foundation promoting gender parity, equal access, and education in technology and cybersecurity. He can be reached at Chris.Moschovitis@tmgr.com.
Privacy. It's the inescapable issue as accelerating digital trends transform the world. Privacy and cybersecurity are related but not identical. Both are subject to regulations and compliance requirements involving much more than legal or IT to-do lists. Untangling these critical concepts, and the practical actions that must follow, is a daunting task. Privacy, Regulations, and Cybersecurity: The Essential Business Guide makes it possible to understand what all the privacy talk really means and what to do about it.
This book introduces readers to the concept of privacy, both from a commonsense perspective and from a legal perspective. Doing business today means data proliferates far and wide, faster than we can keep up with. Technology and business landscapes change so rapidly we might not know who has (or needs) access to what. Privacy leaks can lead to perilous situations; further, international regulations now recognize our customers and stakeholders have a fundamental right to privacy. As author Chris Moschovitis demonstrates, our cybersecurity programs need to be oriented toward privacy and regulation.
Moschovitis also shows us how to accomplish that intimidating goal in practical terms. This book, a sequel to his bestselling Cybersecurity Program Development for Business, covers which regulations apply in which regions, how they relate to the end goal of privacy, and how to build privacy into both new and existing cybersecurity programs. Readers learn how to apply lessons from Europe's General Data Protection Regulation (GDPR) and other landmark laws to remain compliant and even get ahead of the privacy curve.
Privacy and cybersecurity are about protecting what's of value to our companies and our stakeholders. It's time for businesses of all sizes and in all industries to look privacy in the face. Privacy, Regulations, and Cybersecurity is the perfect place to start.
PRAISE FOR PRIVACY, REGULATIONS, AND CYBERSECURITY
"Data is the new electricity, and every company will need it more and more to illuminate and run itself. However, in order to harness its power without getting electrocuted, every professional needs to be aware of the challenges of privacy, cybersecurity, and regulations. This book ensures your company harnesses the light and does not blow a fuse."
Rishad Tobaccowala, author, Restoring the Soul of Business: Staying Human in the Age of Data
"In this turbulent world forever impacted by the 2020 perfect ESG+T (environment, society, governance, and technology) risk storm, Chris has delivered an incredibly readable, jampacked tour de force. This book is an eminently practical, positive and even humorous guide to all things privacy and cybersecurity that will ground you in all the essentials you need to know to survive and thrive today and tomorrow!"
Andrea Bonime-Blanc, JD, PhD, Board Director, Global Strategist, and author; CEO, GEC Risk Advisory
"The more we connect the world, the more we are enmeshed in it. How can companies and other organizations take advantage of the opportunities connection creates, without exploiting or invading what should be none of their business? How can regulators see and draw the line? What can individuals do to be both open and closed? Chris Moschovitis explores these topics with great technical expertise and a strong moral sensibility. This book is, as the subtitle says, an essential business guide."
Thomas A. Stewart, Executive Director, National Center for the Middle Market
"Privacy and cybersecurity are 'religions' for most of us involved in their practice, and as Chris Moschovitis tells us, 'a religion must have a god.' His book takes us on a journey from the God of Silence to Samuel Warren and Louis Brandeis through to the Privacy-By-Design godlike character of Dr. Ann Cavoukian and is a must-read for anyone concerned with the proliferation of data and its use, the convergence of cybersecurity and privacy, and the need for privacy-centric security programs. It will help you to change your sliver of the world!"
Jo Stewart-Rattray, Chief Security Officer, SilverChain
Visit: Cybersecurity-for-Business.com for more tools and information!
PUBLISHER: Wiley
ISBN-13: 9781119658740
BINDING: Hardback
BISAC: COMPUTERS
BOOK DIMENSIONS: 162.60(W) x 231.10(H) x 40.60(D)
AUDIENCE TYPE: General/Adult
LANGUAGE: English