Cybersecurity experts have noted design weaknesses in various data protection laws at the international, state, and industry levels, which are sometimes inconsistent with one another, SecurityWeek reports.
"Many of the U.S. local laws are contradictory and that is no surprise since governments are trying to address two seemingly irreconcilable objectives: protecting security and privacy while trying to enable access for law enforcement, espionage, and surveillance. These two divergent goals often result in data protection laws that are fundamentally flawed," said JupiterOne Chief Information Security Officer Sounil Yu.
Varying regulations should prompt a focused security strategy for organizations, according to Digital Shadows CISO Rick Holland.
"CISOs must have their Governance, Risk, Compliance (GRC), and Privacy teams engage with peers, regulators, and outside counsel to stay up to date," Holland said, adding that GRC software could allow consolidated monitoring of compliance and regulatory requirements, which could then enable improved control implementation.