How can ISO 27001 (information security) help with AVG compliance?

Information security and privacy have many intersections. Consider ransomware: if a ransomware attack is carried out and succeeds, you are dealing with a data breach. In October 2024, the AP published a news release stating that there are more ransomware attacks than previously known. This is worrisome, because it means hackers are ahead of the curve with the technology used to get into an organization's systems. By complying with the AVG and looking critically at your information security, you make it harder for hackers to get into your organization's systems.

March 31, 2025

AI is evolving rapidly, and there too you have privacy and information security concerns. Research by the AP into 9 popular chatbot apps shows that most chatbot apps for virtual friendship and therapy for mental health problems provide unreliable information and are sometimes even harmful. The chatbots contain addictive elements, impersonate real people and can even pose a danger to vulnerable users in a crisis situation. From an information security perspective, you look at availability, integrity and confidentiality. In this case study, you can conclude that the chatbot apps researched are not always trustworthy. From a privacy perspective, it is also important to share little or no personal data through such a chatbot. For example, Daphne Deckers said in a podcast that after chatting with ChatGPT for a while, ChatGPT started to recognize her. This matches what you see in the results of the AP's research.

What is the difference between privacy and information security?

The AVG contains detailed rules for companies and organizations on the collection, storage and management of personal data. Those rules apply to all companies and organizations that process personal data of individuals in the EU, regardless of whether those companies are based inside or outside the EU.

ISO 27001 is an international standard for information security and not required by law, but it can help you demonstrate that you have your information security in order. The standard describes how you can deal with securing information in a process-oriented way, with the aim of ensuring the confidentiality, availability and integrity of information within your organization.

Both ISO 27001 and the AVG focus on protecting data. The ISO 27001 standard focuses on protecting data in the broadest sense, while the AVG looks only at personal data. Implementing an ISMS (information security management system) according to ISO 27001 will help you in part with AVG compliance: it helps identify and manage personal data, including where and for how long it is stored and who has access to it.

ISO standardization

ISO 27001 was revised in 2022, and privacy and cybersecurity play a larger role in the revised standard. In the years since, the standard has received a number of smaller updates, so there are now three different versions in circulation: ISO/IEC 27001:2022, ISO/IEC 27001:2023 and ISO/IEC 27001:2024.

Do you work at a healthcare facility or do you work a lot with healthcare facilities? Then it is interesting to look at NEN 7510. As a healthcare institution, you want to handle your clients' or patients' data well. For example, by controlling who logs in to the electronic patient record and when, and who has access to it at all. With your inclusion in the NEN 7510 register, it is clear to everyone that you handle this information security professionally.


Knowledge partner

Robert van Vianen