EBF publishes proposals on Cyber incident reporting

To ensure that financial institutions can report cyber incidents quickly and effectively without sacrificing proper incident management and recovery, the European Banking Federation (EBF) published its proposals on cyber incident reporting.

In particular, the EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/supervisors and the industry.

Full report: EBF position on Cyber incident reporting

Consumers balance data privacy against personalisation

Consumers are willing to share their personal data in exchange for personalisation, depending on whether the service meets their expectations, according to Deloitte’s eighth annual Media Consumer Survey. And consumers want the ability to have their data removed, but the choice to do this is impacted by loss of personalisation, according to the survey.

The report found a desire for ownership and control of personal data, with 62 per cent of respondents believing they should have the right to ask a company to delete their data, and 65 per cent indicating interest in editing what’s collected. However, of the 62 per cent believing they should be able to request their data be deleted, only 31 per cent would do so if it meant losing features like personalised recommendations.

Source: Survey: Consumers balance data privacy against personalisation – CMO Australia

Ireland publishes note on data breach trends

Ireland’s Data Protection Commission (DPC) has published an information note on data breach trends from the first year of the General Data Protection Regulation (GDPR).

The total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified as ‘non-breaches’ and did not meet the definition of a personal data breach.

A total of 13% failed to satisfy the requirement of notification to the DPC ‘without undue delay’ (normally within 72 hours), as required under the provisions of GDPR.

Source: Data Breach Trends from the First Year of the GDPR

EU contracts with Microsoft raising ‘serious’ data concerns

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services.

The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arrangements between EU institutions and the tech giant this April, following changes to rules governing EU outsourcing.

Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services.

Source: EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog | TechCrunch

Security researchers expose new Alexa and Google Home vulnerability

Security researchers with SRLabs have disclosed a new vulnerability affecting both Google and Amazon smart speakers that could allow hackers to eavesdrop on or even phish unsuspecting users.

By uploading a malicious piece of software disguised as an innocuous Alexa Skill or Google Action, the researchers showed how you can get the smart speakers to silently record users, or even ask them for the password to their Google account. There’s no evidence that this vulnerability has been exploited in the real world, however, and SRLabs disclosed their findings to both Amazon and Google before making them public.

Source: Security researchers expose new Alexa and Google Home vulnerability – The Verge

Italy hit by a wave of musical ransomware attacks

The musical ransomware, FTCode, plays German rock music whilst encrypting victims’ files.

Researchers at AppRiver discovered FTCode within malicious email campaigns targeting Italian Office 365 customers. Victims receive emails containing malicious content posing as invoices, document scans and resumes.

Source: #Privacy: Italy hit by a wave of musical ransomware attacks

Only 25% of companies disclose data breaches despite GDPR

A high number of businesses in Europe are choosing to not disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.

Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations.

According to the research, less than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws in terms of reporting to their local Data Protection Authority.

Source: #Privacy: 25% of companies disclose data breaches despite in GDPR era

Ireland is top country for privacy protection

Ireland ranked first out of 47 countries assessed for privacy protection, with a score of 3.2, according to a study by Comparitech, a website that researches and compares tech services.

Ireland is followed by Portugal, Norway, France and Denmark, all of which scored 3.1. Thailand and Malaysia posted scores of 2.6 out of 5, trailed only by India (2.4), Russia (2.1) and China (1.8), leaving those countries in the bottom five.

The study took into account a number of categories, ranging from use of biometrics and CCTV to data-sharing and retention laws.

Source: Thailand in bottom tier for privacy protection

Is Ireland breaching EU rules by underfunding data regulator?

Ireland provided the Data Protection Commission with significantly less funding than it needs at a time when it is struggling to cope with the extra work it got landed with following the introduction of GDPR last year.

Not only does this put the Government potentially at risk by leaving the commission without proper resources, but it also could be against the law. Data protection consultant Daragh O’Brien of Irish company Castlebridge Associates certainly thinks so. He has filed a complaint to the European Commission, suggesting the State has probably breached its obligations under GDPR, the Law Enforcement Directive and the EU Charter of Fundamental Rights.

Source: Is Ireland breaching EU rules by underfunding data regulator?

Potential Brexit deal reached; data transfers remain, for now

More than three years after the U.K. voted in a referendum to leave the EU, a proposed Brexit deal is on the table just weeks ahead of an Oct. 31 deadline.

European Commission President Jean-Claude Juncker confirmed a deal had been reached. U.K. Parliament will vote on it this Saturday, Oct. 19.

The draft text of the deal released Thursday includes a section near the top on data protection, stating, “In view of the importance of data flows and exchanges across the future relationship, the Parties are committed to ensuring a high level of personal data protection to facilitate such flows between them.”

Source: Potential Brexit deal reached; data transfers remain, for now
