EU GDPR's focus on privacy could unintentionally, and adversely, rewrite data security

The European Union's sweeping data rule that went into effect last week is focused primarily on privacy -- giving individuals greater control over how their personal information is stored and handled -- but uncertainties about enforcement could have unintended, and potentially adverse, consequences for cybersecurity.

U.S. national security officials have already flagged implementation of the EU General Data Protection Regulation as a major game-changer for data protection, even suggesting it might drive new regulatory security requirements on this side of...