
Tag Archives for "opinion"

The post GDPR landscape

With the panic to ‘comply’ with GDPR over, it is increasingly seen as a day-to-day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day-to-day business and that their staff are trained on and aware of the implications. However, there are still many questions around what the correct approach is.

Full article: The post GDPR landscape: Our Findings

We Need to Talk About NIST’s New Password Management Recommendations

Recently, the National Institute of Standards and Technology (NIST) reversed its stance on organizational password management requirements. The institute now recommends banishing forced periodic password changes and getting rid of complexity requirements.

Full article: We Need to Talk About NIST’s New Password Management Recommendations

Stop focusing your information security efforts on the wrong things!

There once was a time, not all that long ago, when security teams could plead ignorance of IT security risks with minimal consequence in terms of any significant damage coming to the company. Those days are long gone. In today’s era of advanced cyberattacks, information security is too important an element of business success to dismiss.

Full article: Stop focusing your information security efforts on the wrong things!

New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties

The new Law on Data Protection and Digital Rights (LOPD), recently enacted in Spain, includes a highly controversial provision allowing political parties and organizations to collect and use personal data revealing political views of individuals.

The controversial article was introduced as a last-minute amendment to the bill, which was passed unanimously on October 18 by the House of Representatives (Congreso de los Diputados). By then, the contentious article had largely gone unnoticed by public opinion. Shortly after that, however, concerns that political parties might get broad leeway to process sensitive personal data were widely reported in the mainstream media. Nonetheless, the Spanish Senate definitively approved the law on November 21, including the controversial section. The text is expected to be officially published shortly.

Full article: New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties | Center for Internet and Society

EDPS calls for closer alignment between consumer and data protection rules in the EU

Consumer law and data protection can no longer afford to work in silos. The EU needs a big-picture approach to addressing systemic harms to individuals in digital markets, involving closer cooperation between enforcers in order to avoid legal uncertainty, the European Data Protection Supervisor (EDPS) said, as he published his Opinion on the legislative package A New Deal for Consumers.

Source: EDPS calls for closer alignment between consumer and data protection rules in the EU | European Data Protection Supervisor

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

Cathay Pacific case shows data breach reporting challenges

Multinational companies experiencing a major data breach face significant challenges in co-ordinating co-operation with investigating authorities around the world.

The scale of the challenge was highlighted recently when the chief executive of airline Cathay Pacific, Rupert Hogg, revealed that the company had provided details of a data breach the business first disclosed last month to 27 different authorities spanning 15 jurisdictions.

The case is an example of how the discovery of data breaches can trigger a duty to notify those breaches to not only data protection authorities and impacted customers, but financial regulators and financial markets too.

Full article: Cathay Pacific case shows data breach reporting challenges

Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data

If you live in the United States, there’s almost a 50 percent chance your personal data was lost in the giant Equifax data breach of 143 million records a year ago. Google and Facebook had recent breaches. Over the last five years alone, major breaches at Anthem, eBay, JPMorgan Chase, Home Depot, Yahoo, Target, Adobe …

Each day there must have been another major data breach that keeps criminal hackers gainfully employed by selling your information. Bad guys keep getting smarter, experts say. Why not corporations? The short answer is, because it’s not worth their trouble.

Full article: Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data – Motherboard

CIPL Publishes Legal Note on the ePrivacy Regulation and the EU Charter of Fundamental Rights

On November 12, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a legal note on the ePrivacy Regulation and the EU Charter of Fundamental Rights. The note contributes to an important and recurring legal discussion on the proposed ePrivacy Regulation.

The proposal aims to protect the confidentiality of communications, and in particular addresses the confidentiality of content data and metadata of individuals and legal persons, implementing Article 7 of the EU Fundamental Rights Charter (“right to privacy”). In contrast, the GDPR implements Article 8 of the Charter (“right to data protection”).

Full article: CIPL Publishes Legal Note on the ePrivacy Regulation and the EU Charter of Fundamental Rights

It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price

We’re living in the golden age of spyware and government hacking, with companies rushing to join a blossoming billion dollar market. The weakest among us—activists or journalists—will suffer the consequences if we don’t regulate it appropriately.

Full article: It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price – Motherboard
