When working with personal information, there are many things to consider: the security of the assets stored, and how they are processed and accessed. All of this needs to follow the laws set in place. When those laws are exploited, as shown in the conference talk, it becomes difficult to provide the security that is expected. I think the conference talk illustrated very well how an attacker can use laws against us, laws that are meant to protect us.
We live in a connected world where even someone who lives on the other side of the planet can easily make contact with companies situated far away from them. This means that international boundaries become very loose: an attacker can be in Africa and, with the right information, claim to be European. This makes working with security very fussy. How do you know someone is who they claim to be?
With legislators trying to implement laws to protect consumers on the scale that the GDPR does, they can’t be specific, because there are too many countries to work with, and they all have different approaches. As a consumer, I need to trust that the laws in place will be able to protect me appropriately. When working in cyber security, having laws with such harsh repercussions means tension, and rushing to try to follow the law can lead to mistakes with big consequences. I think a better relationship between the lawmakers and the providers who have to abide by the law is essential in providing proper security.
As a consumer, being aware of your rights is important. However, I think people need to be taught how to better handle their data, because leaving it all to companies and lawmakers leaves them unaware and even ignorant of what is happening behind the scenes, what dangers they might be in and how to stay secure.
