While some tend to portray the new European Union (EU) General Data Protection Regulation (“GDPR”) as a menacing apocalypse coming from nowhere, the fact is that GDPR is an “upgrade” of existing EU data protection laws. The EU Data Protection Directive (Directive 95/46/EC) was adopted back in 1995. In some countries, like Germany and Sweden, data protection laws were introduced even earlier, in the 1970s and 1980s.
GDPR keeps the basic principles of the Data Protection Directive and adds a new “layer” to it, aiming to unify data protection in all EU countries and bring more rights and control over data use back to individuals. In fact, GDPR incorporates the guidance of data protection authorities and best practice in data protection. There is almost nothing in GDPR that does not already exist somewhere. For example, the principle of data protection by design and by default originated back in the 1980s, data protection officers are already a mandatory requirement in Germany, and breach notification has existed in the communications sector for years.
Report by the Joint Research Centre (JRC) on safety, security, privacy and societal questions emerging from the rise of the Internet of Toys – “Internet Connected Toys that constitute, along with the wave of other domestic connected objects, the Internet of Things”.
Report from Citi GPS: Global Perspectives & Solutions on how consumers are tracked, how the data is collected and analyzed, and how consumers feel about that.
Whitepaper on data breaches with proposals on how to decrease response time. It includes seven security operations capabilities you need, a handy checklist to evaluate your security operations capabilities, and best practices for efficient security response.
Paper on mobile-risk scoring and how to do it in practice. It was carried out by IAPP and Kryptowire and is based on input from 400 privacy professionals.
UN Special Rapporteur on the Right to Privacy, Joseph Cannataci, presented his report on governmental surveillance and access to personal data from a national and international perspective.
A brief guide to the United Nations' stance on privacy. The guide was prepared by Privacy International.
Survey on data security and incident response trends, and how to minimise data breach risks.
Annual report of the Data Protection Commissioner of Ireland for the year 2016.
Discussion paper on certifications, seals and marks under the GDPR, prepared by the Centre for Information Policy Leadership. It looks at the regulation provided in GDPR and the benefits of such mechanisms.
Ireland’s Data Protection Commissioner is stepping up its examination of the Yahoo Inc. data breach and is awaiting information from Yahoo regarding allegations of scanning users’ emails for the US government.
In September Yahoo confessed that in 2014 hackers had stolen the data of 500 million users. But just a month later Yahoo was accused of using software to check millions of emails for specific information related to national security.
The UK’s National Audit Office (NAO) has found that the government breached personal data security nearly 9,000 times in a year. Most of the breaches, about 6,000, were at HMRC.
NAO found that the 17 largest departments recorded 8,995 data breaches in 2014-2015 but reported only 14 incidents to the Information Commissioner (ICO). Although not all incidents have to be reported to the ICO, NAO observed that the lack of detail in the self-reporting data means it is not possible to determine how significant any of the unreported breaches were.
Spotify is making some users reset their passwords, and the reason is that other websites keep getting hacked. There have been numerous huge data breaches affecting tens of millions of users.
The situation is made worse by the fact that many people reuse their passwords across many services. A breach of one service where a password was reused compromises other sites and services, because login details obtained from one service can be used to gain illicit access to accounts on other services and websites.
Therefore Spotify is forcing users whose details were exposed in some of these previous breaches to change their passwords.