Cyberattacks continue to escalate in frequency and sophistication, presenting significant risks to the electric power industry and obligations to protect personal information. A data breach that involves personal information may result in considerable legal, financial, and reputational consequences to any organization. The rise of Artificial Intelligence (AI), which lacks effective regulatory or legislative oversight, has amplified cybersecurity and privacy risk.
In the absence of a U.S. statute like the European Union’s General Data Protection Regulation (GDPR), organizations must contend with a patchwork of state consumer privacy laws that may not only differ, but conflict, in terms of data security and data breach notification requirements. This presents challenges for organizations that conduct business in multiple states and leaves legal and cybersecurity professionals seeking resources to aid in these essential functions.
The IAPP (until recently known as the International Association of Privacy Professionals, now known simply as the IAPP) was founded in 2000 “with a mission to define, promote, and improve the professions of privacy, AI governance and digital responsibility globally” (https://iapp.org/about/mission-and-background/). The IAPP recently introduced a Cybersecurity Law Center and an AI Governance Center. These resources offer newsletters, resource articles, white papers, and training. Understanding legislative requirements regarding consumer data privacy can assist cybersecurity professionals in protecting consumers, the organizations they work for, and, by extension, bulk power system stakeholders, helping to manage a complex and rapidly changing digital landscape.
These resources can assist cybersecurity and privacy professionals in working together toward the mutual aim of securing data and protecting digital assets and the privacy of customers and employees. Further, working with privacy professionals to understand privacy regulations and legislation can assist cybersecurity professionals in designing systems in compliance with relevant requirements, incorporating the principles of privacy and security by design. As the digital and regulatory landscape continues to evolve, collaboration between cybersecurity and privacy professionals is an important step in protecting the data that is essential to an organization’s technical and business operations.
– Margaret Eastman, MS, CIPP/US, MRO Security Administrator