Frost Brown Todd Podcast

GDPR, the European Union’s effort to protect personal data, has dominated the efforts of businesses to deal with personal data across borders. Less noticed is China’s evolving system of controlling, regulating and protecting the personal information of its people. On May 1, 2018, China issued standards for personal information protection.

In this podcast, the Data Privacy Detective turns a magnifying glass to how businesses located outside the EU can gather and use personal data that originates in the EU without violating the GDPR. Businesses inside the EU are actively working to bring their policies and procedures in line with the GDPR, with the benefit of many years of practice under the 1995 EU Directive that required EU countries to adopt laws based on a common background and similar principles to what becomes a directly binding regulation on May 25, 2018. For businesses beyond EU borders, how do they determine if GDPR’s extraterritorial reach affects them and what should they do about it?

Very private information about us can be extremely useful for medical research and other noble purposes – such as medical data that can be aggregated into a big database to help control and combat disease. But we’re reluctant to share our health and genetic details if we can be identified individually. How can we contribute to the big data need of public health and still preserve our individual privacy? Pseudonymous and anonymous coding is the answer, many say. But wait, does that too have risks? Join a conversation with Ken Morris, a leading entrepreneur, technologist and attorney, to explore this essential question. If you have ideas for more interviews or stories, please email [email protected].

The Data Privacy Detective talks about facial recognition technology, how it affects our privacy and what rights we have to fair use by the government. This episode will acquaint you with FIPPs and a law meant to ensure fair use by government on passports, videotapes and other images of our persona.

This podcast episode explores ransomware from preventive, legal, and communications angles. While there’s no 100% effective vaccination against a ransomware attack, there are steps enterprises and each of us can take to beware, prepare, and take care. Ransomware. It’s the modern equivalent of kidnapping – except people aren’t grabbed and held hostage. Instead, an enterprise has its computer and information system locked by a criminal. Data gets encrypted and unusable until and unless the organization pays a ransom to the thief, who is known only by a digital address and often demands untraceable payment in cryptocurrency. Ransomware is a type of malware – software installed in a system by an outside party for bad purposes. Unlike malware focused on stealing data, ransomware aims to extract a ransom payment in exchange for decrypting and restoring the victim’s data. From a criminal’s perspective, ransomware is a simpler, less expensive way to get money than malware that aims to export (or exfiltrate) and resell data. It can be an “in and out” operation, not requiring search, download, categorization, and reselling of purloined data. Despite this, because data has great value, Blackfog estimates that 70% of ransomware attacks include data exfiltration, so that the attacks not only temporarily freeze data usage but result in a release of personal and business data to third parties as secondary damage. Ransomware theft is rising. Security sector experts report a 7-times increase in ransomware attacks between 2019 and 2020, with the average ransom demand increasing more than 3 times the prior year’s figure. Blackfog predicts cybersecurity theft will approach $6 trillion for 2021. CrowdStrike’s comprehensive summary of 2020 and early 2021 reports a four-fold increase in interactive intrusions in the past two years, with 149 criminal syndicate followed as tracked actors on its list of named adversaries. Ransomware is organized crime on a massive and global scale. For units of government, businesses, and non-profits (like universities and hospitals), ransomware can strike like a rogue wave at sea. But it’s often an attack more like a time bomb, lying in wait until the criminal gang is ready to demand its ransom at a time of its choosing. And when this happens, it can immobilize the organization’s ability to operate. Immediate action is required. How do we get our data back? Do we pay the ransom? If we do, will we get the data back? Even then, how do we know it’s safe? How can we prevent this from happening again? If it does, how do we deal with the immediate issues, recoup the data, and ensure it’s clean and usable? If you have ideas for more interviews or stories, please email [email protected].