The new legislation also makes “data protection by design” a legal requirement, as well as the use of data protection impact assessments.The ICO has promoted privacy by design for years, and there’s plenty of guidance on our website.We are co-ordinating our communications, guidance and incident responses with them, so that we can respond to large-scale data breaches appropriately.For example, the NCSC co-ordinated the national response to the Equifax breach, and the ICO was involved as the regulator.
We fully accept that cyberattacks are a criminal act.
If I seem a little comfortable in this spot, it’s perhaps because only three days ago I was right here welcoming people to our 2018 data protection practitioner conference.
Data security and data privacy have always been linked. All modern data protection principles include an obligation to protect personal data.
Or the opportunist thief who understands the value of the data you hold and knows how to get their hands on it. But today’s conference is called “building the cyber security community”.
Had Talk Talk and Carphone Warehouse implemented rudimentary protections attackers would not have gained access to their systems. So I would like to discuss that, with one caveat: where you say community, I say communities.