Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules
NY Times ($): Meta has been hit with a record-setting $1.3 billion fine by Ireland’s Data Protection Commission for violating EU data protection rules, specifically concerning the transfer of Facebook user data from Europe to the United States. This landmark ruling has prompted Meta to appeal, potentially leading to a drawn-out legal process. Despite a five-month grace period for compliance and ongoing EU-US negotiations for a new data-sharing pact that could negate much of the ruling, the decision could significantly impact Facebook’s business operations in Europe. The case underscores the increasing governmental scrutiny of cross-border data movement, forcing companies to reconsider their data storage strategies.
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
Dark Reading: Following a large-scale ransomware attack on Bridgestone Americas in February 2022, CISO Tom Corridon stressed the importance of pre-identifying key decision makers for handling attacks to avoid exacerbating the damage. He urged companies to carry out scenario-based exercises involving key executives, alongside the technical team, to prepare for quick decision-making during an attack. Although he did not reveal whether a ransom was paid in the 2022 attack, Corridon highlighted how the crisis heightened awareness and drove security changes within Bridgestone that would usually take years to implement. He advocates maintaining cybersecurity as a top priority for employees, equating it to physical safety precautions. Corridon also recommends reframing breaches and attacks as criminal acts against the company, rather than mere incidents, to underscore their severity.
Corporate ChatGPT Applications Grow Despite Legal Scrutiny
WSJ ($): German online fashion retailer Zalando SE is planning to use OpenAI’s ChatGPT as a shopping assistant to analyze customers’ inquiries. The company maintains that customer data will not be used for algorithm training and that the data will be deleted after 30 days. OpenAI recently modified ChatGPT, allowing users to opt in if they wish their searches to be used in training, with data also being deleted after a month. As AI technology continues to face mounting scrutiny from regulators in the US and Europe, the Biden administration is contemplating rules to regulate AI tools over concerns of potential misuse. In addition, amid regulatory concerns, companies are advised to draft policies to prevent sensitive data exposure and consider anonymizing data sent to ChatGPT.
Over 75% of consumers are concerned about misinformation from AI. (source)
37% of companies are developing an AI strategy, 28% already have a holistic strategy in place, and 25% have a strategy that is focused only on limited or specific use cases. (source)
Isn’t this just the brutal reality of how security works? (source)