The Security Implications of Data Subject Rights
This addresses security vulnerabilities for organizations implementing data protection laws, but it is incremental as it focuses on an existing issue without proposing new solutions.
The article examines how fulfilling data subject rights under regulations can inadvertently expose technical infrastructure and organizational processes, highlighting the need to address these security risks in rights fulfillment.
Data protection regulations give individuals rights to obtain the information that entities have on them. However, providing such information can also reveal aspects of the underlying technical infrastructure and organisational processes. This article explores the security implications this raises, and highlights the need to consider such in rights fulfillment processes. To appear in IEEE Security & Privacy