
ISO 27001 certification does not fully satisfy India's Digital Personal Data Protection (DPDP) Act 2023 obligations. Seven key compliance gaps are identified: consent management (ISO 27001 has no consent framework), individual privacy rights and notices, purpose limitation beyond data classification, regulator-specific breach notification timelines, cross-border data transfer restrictions, accountability structures for Data Fiduciaries vs. processors, and time-bound data erasure tied to purpose fulfillment. Organizations must layer dedicated privacy governance on top of their ISO 27001 ISMS to meet DPDP requirements and avoid penalties up to Rs 250 crore.
Nguồn: https://securityboulevard.com/2026/07/dpdp-compliance-gaps-iso-27001-doesnt-cover. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.
Tòa án Tối cao Mỹ hủy phán quyết Trump v. Slaughter, khiến FTC mất quyền độc lập, phá vỡ nền tảng pháp lý của EU-US Data Privacy Framework. Nhóm vận động quyền riêng tư noyb kêu gọi Ủy ban châu Âu hủy quyết định phù hợp và ngừng sử dụng dịch vụ đám mây Mỹ, trong khi các doanh nghiệp sử dụng SCCs/BCRs cũng bị ảnh hưởng do đánh giá tác động dựa trên cơ quan hành pháp Mỹ. noyb dự định kiện lên Tòa án Công lý EU (CJEU) trong 2-3 năm tới.
Lập trình viên nên đọc bài này vì quyết định của Tòa án Tối cao Mỹ phá hủy cơ sở pháp lý của Chương trình Bảo vệ Thông tin EU-Mỹ, ảnh hưởng trực tiếp đến các quy trình bảo mật dữ liệu trong các ứng dụng cloud và hệ thống chuyển dữ liệu quốc tế của các công ty.
Công cụ phân tích web miễn phí và mã nguồn mở Offen Fair Web Analytics cho phép người dùng tự lưu trữ, bảo vệ quyền riêng tư dữ liệu theo GDPR, đồng thời cung cấp quyền kiểm soát hoàn toàn đối với dữ liệu thu thập.
Là người phát triển muốn bảo vệ quyền riêng tư của người dùng và tuân thủ luật GDPR trong ứng dụng web của mình, Offen Fair Web Analytics là giải pháp mở nguồn, tự chủ, và minh bạch để tối ưu hóa phân tích dữ liệu mà không vi phạm quy định.
Twenty months into the EU's deregulation campaign, neither industry nor digital-rights groups are satisfied with the results. Businesses say the 'simplification' drive is too slow and complicated, while privacy advocates warn the Digital Omnibus weakens hard-won protections like GDPR and the AI Act. The AI Omnibus, approved in June, delays high-risk AI obligations, creates new grounds for training AI on personal data, and drops an AI-literacy requirement — changes industry lobbied for but critics call a rollback. Some firms now want a multi-year regulatory freeze rather than continued churn, and others argue energy costs were the real problem all along. The underlying tension between competitiveness and rights protection remains unresolved.
Post-quantum cryptography (PQC) is now an urgent concern as adversaries use 'Harvest Now, Decrypt Later' (HNDL) attacks to collect encrypted data today for future decryption. NIST finalized its first three PQC standards in August 2024, with a US government deadline of 2030 for federal agencies. Most cloud environments have cryptographic blind spots with quantum-vulnerable RSA and ECC algorithms embedded across workloads, services, and third-party dependencies. Orca Security has launched a PQC compliance framework that provides agentless, continuous visibility into where vulnerable algorithms exist across cloud environments, maps findings to NIST PQC standards, and organizes them by urgency to help teams build a migration roadmap.
Troy Hunt discusses the futility of data removal services that claim to scrub personal information from data brokers after a breach. He argues that once data is leaked, it cannot truly be removed, and criticizes marketing efforts by data removal companies that seek product placement on breach-related content without understanding this reality.
A survey by Wire of IT professionals in the UK, France, and Germany reveals a significant gap between confidence and reality in collaboration security. While 84% feel confident in their collaboration environments, only 29% say their tools are fully suitable for sensitive communications, 61% report stale file access permissions, and 34% struggle to track who has access to sensitive files. Key issues include widespread shadow IT use (consumer apps like WhatsApp for official work), lack of governance for external collaboration, and fragmented tool stacks that make granular access control difficult. Wire assesses most organizations as mid-maturity, with policy foundations in place but lacking closed-loop control between policy, workflow, and demonstrable enforcement.
Meta CTO Andrew Bosworth has explained that the company's controversial Model Capability Initiative — a program that logged keystrokes and mouse movements of US employees to train AI models — was paused after a researcher internally moved sensitive employee data to an unauthorized location. Bosworth clarified there was no external breach, but the data landed somewhere it shouldn't have within Meta's systems. The program, which faced fierce internal backlash including a 1,600-employee petition and GDPR concerns in Europe, also hit a scientific snag: it was collecting too much redundant data rather than the varied data AI models actually need. Meta subsequently expanded opt-out options, softening its original no-opt-out policy. The investigation is ongoing and the future of the program remains uncertain.
Fintech security teams face compounding cloud risks from misconfigurations, lateral movement, compliance obligations (PCI-DSS, SOC 2, DORA), and third-party supply chain exposure. The post covers each risk category and maps it to platform capabilities: agentless SideScanning™ for workload-level visibility without agent overhead, automated compliance mapping across 180+ frameworks, DSPM for detecting exposed credentials and PII inside workloads, and attack path visualization for lateral movement. A comparison table contrasts agent-based vs. agentless deployment, and the post concludes by positioning Orca Security's CNAPP as a consolidated solution for all these risk categories.