CyberWire Daily The impact of data privacy on cyber. [CISO Perspectives]
Oct 28, 2025
Kristy Westphal, Global Security Director, dives into the crucial intersection of data privacy and cybersecurity. She emphasizes that privacy shouldn't be an afterthought but a core focus of security efforts. Kristy discusses the complexities of laws like the Cloud Act, encryption's real-world weaknesses, and how small businesses can comply with varying privacy laws. She advocates for solid legal partnerships and threat modeling that aligns with business impact, underscoring the pressing need for heightened privacy measures in today's digital landscape.
AI Snips
Chapters
Transcript
Episode notes
Data Analytics Amplify Post-Breach Harm
- Stolen, non-regulated data can be later analyzed to target victims just like marketing does.
- This delayed-analytics risk creates liability even when sensitive stores were initially protected.
Encryption Is Not A Full Alibi
- Encryption alone is not an absolute legal or technical shield due to tools, vulnerabilities, and legal orders.
- Regulators and courts can and do find ways to access encrypted data despite promises of protection.
Student Recovered Encrypted Partition
- Kristy describes a forensics class where a student recovered an encrypted partition by finding password clues elsewhere.
- The story shows encryption can be bypassed through lateral evidence, not just cryptanalysis.