Penetration Testing with Kali Linux OffSec
|
|
General Data Protection Regulation
(GDPR) 92 is a law adopted by the European Union 93 in 2016 that regulates data privacy and security. It applies to the private sector and most public sector entities that collect and process personal data. It provides individuals with a wide set of rights over their data including the well-known “right to be forgotten” and other rights related to notifications of data breaches and portability of data between providers. GDPR outlines a strict legal baseline for processing personal data. For example, personal data may be processed only if the data subject has given consent, to comply with legal obligations, to perform certain tasks in the public interest, or for other “legitimate interests”. For businesses that process data on a large scale or for whom data processing is a core operation, a data protection officer - who is responsible for overseeing data protection - must be appointed. GDPR also establishes an independent supervisory authority to audit and enforce compliance with these regulations and administer punishment for non-compliance. The fines for violating these regulations are very high: a maximum of 20 million Euros or 4% of revenue (whichever is higher), plus any additional damages that individuals may seek. One unique aspect of GDPR is that it applies to any entity collecting or processing data related to people in the European Union, regardless of that entity’s location . At the time of its adoption, it was considered the most strict data privacy law in the world and has since become a model for a number of laws and regulations enacted around the globe. Key disclosure laws 94 are laws that compel the disclosure of cryptographic keys or passwords under specific conditions. This is typically done as part of a criminal investigation when seeking evidence of a suspected crime. A number of countries have adopted key disclosure laws requiring disclosure under varying conditions. For instance, Part III of the United Kingdom’s Regulation of Investigatory Powers Act 2000 (RIPA) 95 grants authorities the power to force suspects to disclose decryption keys or decrypt data. Failure to comply is punishable by a maximum of two years in prison or five years if a matter of national security or child indecency is involved. CCPA : The California Consumer Privacy Act of 2018 (CCPA) 96 is a Californian law granting residents of the state certain privacy rights concerning personal information held by for-profit businesses. One of these rights is the “right to know”, which requires business to to disclose to consumers, upon request, what personal information has been collected, used, and sold about them, and why. The “right to opt-out” also allows consumers to request that their personal information not be sold, something that must, with few exceptions, be approved. Another right is the “right to delete”, which allows consumers to request that businesses delete collected personal 92 (Proton AG, 2022), https://gdpr.eu/what-is-gdpr/ 93 (EU, 2022), https://eur-lex.europa.eu/legal-content/EN/LSU/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG 94 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Key_disclosure_law 95 (Open Rights, 2021), https://wiki.openrightsgroup.org/wiki/Regulation_of_Investigatory_Powers_Act_2000/Part_III 96 (SoC DoJ, 2022), https://oag.ca.gov/privacy/ccpa Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 52 information. In this case, however, there are a number of exceptions that allow business to decline these requests. 3.5.2 Standards and Frameworks PCI DSS : The Yüklə Dostları ilə paylaş:
|