THREAT INFORMATION-SHARING AND GDPR: A LAWFUL ACTIVITY THAT PROTECTS PERSONAL DATA

A White Paper from Osborne Clarke on 4th January addresses threat information-sharing and argues that it is a legitimate interest of financial institutions under GDPR. It says that the GDPR has stifled the practice of threat information-sharing, in turn increasing the threat of successful attacks. However, the White Paper concludes that threat information-sharing seeks to preserve fundamental goals of GDPR, and is a cornerstone of the Regulation’s principles and purpose: to protect “fundamental rights and freedoms of natural persons and in particular their right to protection of personal data”. The White Paper says that a proper understanding of what threat information-sharing involves is required, and explains what it is. It says that threat information-sharing is the exchange of information relating to threats, whether cyber or other, between members of a sharing community for the purpose of enhancing their security posture by leveraging the collective knowledge, experience, and capabilities of the community toward the threat. Generally, a “threat” is any circumstance with the potential to adversely impact organisational operations (including mission, functions, image, or reputation), assets, individuals, other organisations, or a nation through an information system “via unauthorised access, destruction, disclosure, or modification of information, and/or denial of service”. Thus threat information-sharing involves the sharing of information to help organisations protect individuals, organisations, nations, and even the public at large against malicious acts resulting in unauthorised access, disclosure, loss, or alteration of data, including personal data. It says that a common motto for threat information-sharing is allowing “one organisation’s detection to become another’s prevention”.

http://www.osborneclarke.com/wp-content/uploads/2019/01/Threat-Information-Sharing-and-GDPR_Final_TLP-WHITE.pdf

Author: raytodd2017

Chartered Legal Executive and former senior manager with Isle of Man Customs and Excise, where I was (amongst other things) Sanctions Officer (for UN/EU sanctions), Export Licensing Officer and Manager of the Legal-Library & Collectorate Support Section
