For the last five years, Forrester has issued a heat map illustrating the privacy protection guidelines and practices of 54 different countries. It brings to light some overall trends that are emerging on the global scale.

Contradicting Trends

There are two seemingly contradictory trends. While governments increased protection of personally identifiable information (PII) for their citizens in the commercial area, they also made it easier for law enforcement to obtain this same information.

SecurityWeek noted that the European Union’s (EU) General Data Protection Regulation (GDPR) exemplifies this contradiction. These regulations strictly control how enterprises use PII; simultaneously, the EU is introducing new surveillance legislation that will greatly increase the government’s ability to monitor its citizens.

Some of these trends may not be readily apparent to those outside the EU. The Netherlands and Finland, for example, have the most restrictive privacy regulations in place, according to the heat map. Those countries are quick to hold a business accountable for improper PII use within the enterprise, but they are also enacting laws that enable their governments to perform surveillance on citizens.

“The balance between security intelligence and personal privacy continues to pit governments against citizens,” Forrester analyst Chris Sherman wrote in Forbes.

Preliminary Preparations for Privacy Protection

Forrester found that other countries were using the European standard as the model for their own legislation on data privacy. Some countries even established new governmental bodies to enforce privacy, such as Japan with its Privacy Protection Commission.

Additionally, enterprises expect the GDPR to affect business on a global scale. The GDPR will apply to foreign companies that do business in the EU or collect EU residents’ data. That means the EU can penalize foreign firms for noncompliance once the compliance date has passed.

South Korea followed the GPDR spirit in March by imposing stiff penalties on telecommunications companies and online service providers for privacy violations. This shows that foreign companies that do business in the EU are trying to establish conformance with the GPDR — despite not being directly governed by those regulations — so that their business can continue and grow in the new environment.

U.S. companies doing business in the EU will surely be affected as well. Companies will have to rethink and retool their data privacy practices to continue to do business in the EU; that will be true no matter where a company is based.

May 2018 is the deadline for full compliance with GDPR.

More from

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…