Tag Archives for "data"

When Obscurity Is Not a Defense

Many organizations facing a data-security incident struggle to understand how or why their organization was targeted in an attack. Most simply believe they are too small or too obscure to be targeted by malicious cyber actors.

Even larger, well-known businesses are lulled into complacency, mistaking years without a major security incident as evidence that their business is an unlikely target, or believing that a small corner of their business, perhaps the new cloud instance they’re testing, will go unnoticed.

Source: When Obscurity Is Not a Defense

French man who kept porn on work computer loses privacy appeal

A man who kept a stash of pornography on his work computer has failed to convince judges his right to a private life was infringed when his employer opened the personal files containing the material without his knowledge.

Eric Libert was fired by the French national rail operator SNCF in 2008 after his boss discovered the pornographic files and a series of forged certificates. He asked the European court of human rights to rule on his case after he was unsuccessful in the French courts.

Source: French man who kept porn on work computer loses privacy appeal | World news | The Guardian

German court says Facebook’s real name policy is illegal

A German court ruled that Facebook’s real name policy is illegal and that users must be allowed to sign up for the service under pseudonyms to comply with a decade-old privacy law. The ruling, made last month but only now being announced, comes from the Berlin Regional Court and was detailed today by the Federation of German Consumer Organizations (abbreviated from German as VZBV), which filed the lawsuit against Facebook.

Facebook says it will appeal the ruling, but also that it will make changes to comply with European Union privacy laws coming into effect in June, according to Reuters. “We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law,” a Facebook spokesperson said.

Source: German court says Facebook’s real name policy is illegal – The Verge

Data breach GDPR case study

The business has grown substantially over a number of years, and now has a number of different business units providing different services. Some of that growth has been through acquisitions.

There are a number of policies which impact on information security in place across the business. The business takes payment online via credit and debit card, but considers that it has appropriate security measures in place, and is working towards PCI-DSS certification. The growth of the business has resulted in fragmentation of databases across multiple servers, and the business has recently sought to move to a cloud solution. Multiple third parties have access to certain data through APIs.

Source: Global Data Hub

Is a Service Provider’s Privacy Shield Certification Good Enough?

The GDPR imposes two requirements when a company (referred to in the GDPR as a “data controller”) uses a service provider (referred to in the GDPR as a “data processor”).

The first requirement is that if a data controller is based in the EEA and is transferring personal data to a processor that is based outside of the EEA, the parties must take steps to ensure that the jurisdiction in which the data is going affords the data “an adequate level of protection.” When the GDPR refers to an “adequate level of protection” it is not talking about the security of the data. Instead, it is referring to the protections afforded by the laws of the country to which the data will be transferred.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: Is a Service Provider’s Privacy Shield Certification Good Enough?

Deep Fakes: A Looming Crisis for National Security, Democracy and Privacy?

Manipulating images, sound, or video to convincingly mislead the public could take so-called “fake news” to a new level.

Recent events amply demonstrate that false claims—even preposterous ones—can be peddled with unprecedented success today thanks to a combination of social media ubiquity and virality, cognitive biases, filter bubbles, and group polarization. The resulting harms are significant for individuals, businesses, and democracy. Belated recognition of the problem has spurred a variety of efforts to address this most recent illustration of truth decay, and at first blush there seems to be reason for optimism. Alas, the problem may soon take a significant turn for the worse thanks to deep fakes.

Source: Deep Fakes: A Looming Crisis for National Security, Democracy and Privacy? – Lawfare

U.S. Customs Wants to Use Your Face As a Boarding Pass

By 2022, the agency plans to use biometrics to identify 97 percent of travelers flying out of the country.

Getting through an airport without a passport or boarding pass may only seem possible in the nostalgic memories of 20th-century travelers, but an initiative at Customs and Border Protection could make that bygone convenience a modern reality.

Source: U.S. Customs Wants to Use Your Face As a Boarding Pass – Nextgov

A third of Brits plan to exercise right to be forgotten

After the General Data Protection Regulation compliance deadline, a third of Britons polled say they plan to exercise their right to be forgotten, but few fully understand the GDPR and how it will affect them.

A survey has found that Britons are concerned about their privacy and data protection, and many would like to exercise the rights granted by the EU’s General Data Protection Regulation (GDPR).

Source: A third of Brits plan to exercise right to be forgotten

UK’s councils unprepared for cyber-attacks, report says

More than 25% of UK councils have had their computer systems breached in the past five years, campaigners say.

A report by privacy group Big Brother Watch based on freedom of information requests found 114 councils experienced at least one incident between 2013 and 2017. The group said it was “shocked” that staff often lacked cyber-training.

Source: Councils ‘unprepared’ for cyber-attacks, report says – BBC News

Data protection impact assessments and data protection by default and by design

In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation.

This fourth installment in the 10-part series addresses privacy risk analysis, including, importantly, formalized risk management processes such as data protection impact assessments (known as DPIAs), as well as the newly legislated principles of data protection by default and by design.

Source: Top 10 Operational Responses to the GDPR – Part 4: Data protection impact assessments and data protection by default and by design
