The ICO has fined a pensions advisor £40k for sending nearly 2m spam emails. So far, so nobody-cares-about-PECR[i]. In fact the fine is pretty low for an infringement of this size. Why? Because the Grove Pension Solutions checked their proposed marketing scheme with a “recognised specialist data protection consultancy” and an “independent data protection solicitor” … Continue reading Bought-in lists are dead
This is getting silly. We're all familiar with password complexity rules intended to help us create "strong" passwords that are harder to crack. Those of us who have been paying attention will know that the real outcome of this approach is to create passwords that are surprisingly easy for computers to crack but really hard … Continue reading Oh for Pete’s sake (passwords again)!
Bit of a technical one for the privacy nerds here. There's an interesting update from the ECJ: The Advocate General proposes to rule that under the Data-Protection-Directive the operator of a website who has embedded on its website a third-party plugin (such as the Facebook Like button), which causes the collection and transmission of the user’s … Continue reading Who’s in control? (wonkish)
This is more of a reminder than anything else. I've already blogged about the risks of a hard Brexit from a data protection compliance perspective, and we've featured it in our October newsletter at Securys. But now the ICO has also said similar things, and the government is moving to "full hard-Brexit preparation". So it's … Continue reading Hard Brexit preparation
A number of major breaches have hit the news recently - including the 500-million-data-record Marriott Hotels breach, and the Sotheby's Home Magecart hack. I'll probably go on about over-retention of ID data in another post, but right now I was wondering... Is it attractive for hacked organisations to exaggerate how long a "just-discovered" breach has … Continue reading A quick thought on moral hazard
We were worried this was going to happen. So much so that we flagged it in our October newsletter. This is section 25 of the European Commission's current draft contingency plan for a no-deal Brexit: Personal data25 In the case of a no deal scenario, as of the withdrawal date, the transfer of personal data … Continue reading Well, there you go. We’re inadequate.
I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise" it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons