Terbium Labs recently participated in Dynamic Connections 2019, an annual conference put on by General Dynamics Mission Systems. The conference brought in more than a thousand practitioners from around the world for a week-long event filled with in-depth product training, industry presentations, and expert panel discussions. At Dynamic Connections, we found government and defense organizations focused on the same issues as their counterparts in the broader security industry: privacy, legislation, and building resilient solutions to keep end users safe.
Over the course of the week, multiple sessions addressed the ongoing issues of data privacy regulations and security compliance standards, as organizations – particularly those handling sensitive information for government or military operations – find themselves in a maze of existing requirements and a steady barrage of new standards. An afternoon panel focused on domestic and global data protection regulations brought together industry practitioners and legal experts to navigate the proliferation of data privacy legislation. The panel included General Dynamics representatives like Sharon Dunbar, VP and General Manager of Federal Systems, and Chuck Brooks, Principal Market Growth Strategist. Industry experts like David Levine, CSO at Ricoh USA Inc., and Peter Rubin, CISO at Tampa General Hospital, also spoke, along with Doug DePeppe of eosedge Legal, an attorney who formerly served as a White House policy advisor.
DePeppe’s message stood out, cutting through the noise of regulation to get to the heart of the issue. “The trend is not compliance,” he said. “The trend is data privacy.” Throughout the session, DePeppe referenced the General Data Privacy Legislation that came into force last year, along with the legislative trends developing in the United States with California’s data privacy law and recent decisions about consumer data protections from Pennsylvania’s Supreme Court, to name a few. He noted that law is a “trailing indicator” and a mechanism to restore imbalance, as is the case with data security where organizations face “catastrophic risk” and few legislative consequences. Misaligned incentives lead organizations to avoid implementing the appropriate security standards to achieve or maintain compliance. “These companies have to have their AAA moment,” DePeppe stressed, “breaking down on the highway before they take action.”
Once companies achieve compliance, they may still fall several steps short of meeting their duty of care. Duty of care is a moving target, and organizations focused on following the bare minimum of compliance standards are likely to face ongoing data security issues, and may face broader data ethics issues as well. Unfortunately, an organization can be technically compliant with all rules and regulations and still be wholly negligent with consumer or employee data.
At Terbium Labs, we’re glad to see data security and data privacy at the forefront of conversations about exposure, compromise, and risk. Terbium Labs remains committed to privacy first in data security solutions; that’s why we designed Matchlight with privacy in mind, and why we’ve built our organization around ethical, private data solutions that create a more secure world for our clients and their customers.