
I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison, “Data is the hot potato! Data is the hot potato! Data is the hot potato!” This can be fun, right Jamie Sorley (thank you for the coffee mug – I have it on my shelf!), John Sapp (he was in the audience of CISOs in Miami when I first used this), Matt Ross (we used this when presenting together recently), and Dana Gonnerman, Tanner Smith, and Kevin Tuttle (who joined me in this chant recently in Kansas City)!

One reason I do this is to get the attendees to wake up if I’ve bored them to sleep. Another is to get them to loosen up and have a little fun during the presentation. And another is really the main point — to get them to realize that when we are talking about the legal aspects of cybersecurity and data protection — the ball they need to keep their eye on is the data — that’s what really matters.
When legislators, regulators, judges, and plaintiff’s lawyers talk about cybersecurity and data protection, they don’t really care all that much about the security of your network for your network’s sake — they care about the security of the data that is stored within or that transgresses throughout your network — especially when that data is other people’s personal information — that is what they really care about and that is where you need to stay focused.
I was reminded of all of this when I read a recent publication from the IAPP titled Maximize your minimization and other takeaways from the FTC’s Drizly case and the author’s key takeaways from the remedial actions in the proposed decision and order which the author describes as the first time we have seen this kind of granular details of a data minimization program spelled out by the FTC. In this excellent article, the author identified several key takeaways that companies should consider for both cybersecurity protections as well as data minimization principles: READ MORE!
Now, chant in unison after me: “DATA IS THE HOT POTATO!”
March 27, 2018
During a presentation recently, I was trying to make a point about the liability that comes with data and, therefore, the need for us to never forget that in cybersecurity our ultimate goal is protecting systems and data. I used the little line at the end of this quote:
Data equals risk. It is toxic because of the potential liability that goes with it. Data is the hot potato.
Despite how corny it sounds, I had several people approach me later to tell me how much “data is the hot potato” stuck with them (and, it could be because I had them join me in chanting it!). So, why not share it with you? Now join me in chanting,
Data is the hot potato!
Data is the hot potato!
Data is the hot potato!
Data is the hot potato!
1 thought on ““Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case”