Tag: regulation

November 16, 2021

Future-Proofing for a Changing Privacy and Security Landscape

Recorded on November 10, 2021, this video features a conversation between Steven Weber, Faculty Director of the University of California, Berkeley’s Center for Long-Term Cybersecurity, and Kate Charlet, Director for Data Governance at Google, addressing a wide range of questions related to how organizations can “future-proof” themselves in a dynamic security and privacy landscape.

February 17, 2021

Video: Book Talk on Steve Weber’s “Bloc by Bloc”

Joined by a panel of scholars, CLTC Faculty Director Steve Weber discussed his book, which outlines a framework for how firms should position themselves for the new economic geography. At a time when globalization is taking a step backward, what’s the best way to organize a global enterprise?…

November 2, 2020

What’s at Stake in Digital Fragmentation? Q&A with Zoom’s Josh Kallmer

As Head of Global Public Policy at Zoom, Josh Kallmer — an expert in international trade with broad experience inside and outside of government — serves as the architect of Zoom’s global public policy and government relations strategy and the company’s chief representative before governments around the world. In…

May 16, 2018

CLTC Research: American Companies Struggle to Meet GDPR’s Data Breach Notification Rules

On May 25, 2018, Europe’s General Data Protection Regulation (GDPR) will come into effect following a two-year implementation period. Among the regulations outlined in the GDPR, the data breach notification requirement is likely to be particularly problematic for American companies. Article 33 of the GDPR sets the deadline for data breach notification at 72 hours, and any delay beyond that must be accompanied by an explanation. Companies that fail to comply with this requirement face potentially massive fines: up to 4% of annual revenues or 20 million Euros. According to research by the UC Berkeley Center for Long-Term Cybersecurity, most companies fall far short of the GDPR’s requirements in their standard notification practice. In only 9.1% of the breach incidents we analyzed did companies comply with the GDPR’s 72-hour requirement. Around two thirds (67.5%) provided notification within deadlines set by state privacy laws, but the leap from 45 days to 72 hours is significant, and the broad application of the GDPR sets a de facto standard for data breach reporting that companies will be hard-pressed to meet.