The U.S. National Institute of Standards and Technology (NIST) has published its draft of the NIST Cybersecurity Framework (CSF or Framework) 2.0. According to the official press release, “the Framework has been used widely to reduce cybersecurity risks since its initial publication in 2014. Many organizations have told NIST that CSF 1.1 remains an effective framework for addressing cybersecurity risks. There is also widespread agreement that changes are warranted to address current and future cybersecurity challenges and to make it easier for organizations to use the Framework. NIST is working with the community to ensure that CSF 2.0 is effective for the future while fulfilling the CSF’s original goals and objectives”.

NIST now expects comments to the draft to be submitted before 04 November, 2023, while the final version of the Framework should be published in early 2024.

***

In order to comply with the EU’s Digital Services Act (DSA), TikTok will allow EEA users to turn off personalisation.

According to the TikTok’s official press release, “this means [that] For You and LIVE feeds will instead show popular videos from both the places where [the users] live and around the world, rather than recommending content to them based on their personal interests. Similarly, when using non-personalised search, they will see results made up of popular content from their region and in their preferred language. Their Following and Friends feeds will continue to show creators they follow, but in chronological order rather than based on the viewer’s profile”.

Also, “Accounts for those aged under 16 are set to private by default and their content cannot be recommended in For You feeds. Now, users in Europe aged 13-17 will also no longer see personalised advertising based on their activities on or off TikTok. People already have control over the ads they can see and they can toggle personalised ads on or off in their settings”.

***

The data breaches announced in the UK this week provide stark reminders of the importance of protecting data and data privacy. Breaches have been reported by Norfolk and Suffolk Police force and the Police Service of Northern Ireland. The Information Commissioner’s Office (ICO) has confirmed it is investigating both breaches. NHS Lanarkshire has received a reprimand for using WhatsApp to share patients data in an unauthorised manner.

Freedom of Information has come to the fore with the ICO publishing practice recommendations and enforcement notices on 5 public bodies who did not meet expected standards when responding to Freedom of Information requests. With increased action being taken by the ICO a new manual has been produced to set out the approach the ICO will take action in the future.