Recently I was invited to give a one-hour presentation on Data Protection and Incident Response, looking at how the demands of the two fields align and support each other, and how law and guidance have come to recognise that over the past decade or so. I finished with some thoughts on areas – data collection and information sharing – where there may still need to be some work to get the compatibility of purpose fully recognised; but even here there’s good reason to be optimistic.
If you’d like to know more, look at the incident response tag on this blog, or read my peer-reviewed papers:
- Incident Response: Protecting Individual Rights Under the General Data Protection Regulation
- Processing Data to Protect Data: Resolving the Breach Detection Paradox