Module 1

Responsibilities and liabilities

This course will not delve deeply into the law, but note that companies and corporations have responsibilities and liabilities for the data they gather. Most have made a commitment, whether legally enforceable or not, to treat data gathered with the utmost care. In addition, laws and regulations govern the way these entities must secure their data and dictate the correct procedure to follow after a breach has occurred.

For example, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) unifies and simplifies the regulations for data protection within the European Union. The GDPR replaces the current directive in this area, and has as its main objective in giving people control over their personal data. Furthermore, the regulation covers matters such as the export of personal data outside of the EU, sanctions for non-compliant parties, the right to erasure, and data breach reporting procedure. This regulation is in force as of the 25th of May, 2018.

The GDPR provides the first economical grounds for data protection: just as environmental regulations have internalized the cost of environmental damage to production, we may see the same happening with data protection. Insurance companies have also noticed the impending GDPR and have introduced various types of cyber security insurance which would cover some costs caused by a breach (for example a loss of profit).

:
Loading interface...
:
Loading interface...

Login to view the exercise

However, the law is for the law abiding; for a criminal it is just a deterrent. The Internet provides anonymity and distances the attacker from the victim, making it easier to step into the world of crime via the Internet. The commission of crimes via the Internet is commonly known as hacking. (When discussing hacking we do have to mention ethical hacking. An ethical hacker, like his criminal counterpart, is an expert who tries to penetrate a computer system, but the former does it with permission from the system owner in order to reveal security vulnerabilities that malicious actors could potentially exploit.)

You have reached the end of this section! Continue to the next section:

Remember to check your points from the ball on the bottom-right corner of the material!