Weekly listing of articles, reports and news pieces about cybersecurity, privacy and data protection that caught my eye.
Cybersecurity and data breaches
Telefonica breach leaves data on millions exposed
Identity and payment information – including landline and mobile numbers, national ID numbers, addresses, banks, names and call records – was exposed, although there is no evidence that any of the data was used fraudulently. If Telefonica’s data had been protected by end-to-end encryption there would be no breach to report under GDPR, as stolen encrypted data would be unusable. Now that GDPR is in effect, the Telefonica customer notifications and follow-up must be done in a compliant and potentially expensive way.
Decade-old Bluetooth flaw lets hackers steal data passing between devices
The attack allows people to perform a man-in-the-middle attack on the connection between vulnerable devices. From there, attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website in an outright compromise of the connected phone or computer.
Consents, marketing and data subject rights
How to design GDPR compliant consent
The main purpose of consent is to offer individuals a genuine, free choice and put them in control of the processing of their personal data. Well-designed consent helps a business build customer trust and enhances customer awareness and transparency about data processing; it also greatly improves the reputation of the business. Here are 2 articles to help with designing proper consent:
Making legalese accessible: how to create friendlier terms of service and privacy policies
Consent management platforms are purchased less often than other privacy tools
With the massive new requirements for user consent in the General Data Privacy Regulation (GDPR) you’d think the recently emerged consent management platforms would have landed in every sizable company’s toolbox. However, a new report on the adoption of privacy technologies found that consent management platforms were the least adopted tech among 10 categories of privacy tech.
Data-Driven Marketing After GDPR
It seems like the General Data Protection Regulation (GDPR) leaves marketers with only one choice: Comply with the new law and say goodbye to our beloved user data. It’s time to change our mindset.
Reports and surveys
ePrivacy and data protection
Citi GPS published a report on how prepared consumers, corporates, and regulators are for a tightening of the regulatory landscape. They consider that the potential implications could stem from a change in the behavior of consumers and corporates when it comes to personal data.
Baker McKenzie GDPR National Legislation Survey
Now that the EU General Data Protection Regulation (GDPR) is officially enforced, any business looking to bring its data protection practices in line with it will need to understand and analyse the local laws supplementing the regulation.
We must not treat data like a natural resource
Lisa Austin – the chair in law and technology at the University of Toronto faculty of law, where she teaches both property law and privacy law – shares her opinion on why we should not treat personal data as a natural resource like oil.
This position paper observes how different technical and normative conceptions of privacy have evolved in parallel and describes the practical challenges that these divergent approaches pose.