Matt Fisher of Carium writes:
Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not get into the finding in a number of resolutions through the HHS Office for Civil Rights where lack of appropriately or properly implemented encryption was part of the reason for a penalty.
Matt then considers a number of different scenarios involving encryption to make the point that the determination of a breach when encryption is involved may be more complex than initially thought.
Read more on The Pulse.
This article is also helpful on that issue: https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_202101_databreachnotificationexamples_v1_en.pdf
I usually delete all submitted links but I’m making an exception for that one. Thank you.