Encrypt data at rest

The Register reports this morning: American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Encrypted? Obviously not. Excuse? None. https://www.becrypt.com/uk/encryption http://buy.symantec.com/estore/clp/productdetails/pk/drive-encryption http://www.deslock.com/ https://www.checkpoint.com/products/full-disk-encryption/ http://windows.microsoft.com/en-gb/windows-vista/bitlocker-drive-encryption-overview BitLocker is even free. How hard … Continue reading Encrypt data at rest →

Left hand, right hand, other hand – what a mess!

Still chewing through the GDPR, so that’ll have to wait. In the meantime, more evidence that the nicest word we can use to describe the current state of data protection in Europe is…disconnected. First we have the European Commission desperately trying to reach an accommodation with the US on Safe Harbour after the European Court … Continue reading Left hand, right hand, other hand – what a mess! →

Yes, you can snoop on your staff

More Euro weirdness. The European Court of Human Rights (ECHR) has decided that an employer was justified in monitoring an employee’s private Yahoo Messenger chats. That happened in 2007, when Yahoo Messenger was still a thing, but it’s the principle that matters. It may have taken a mere 9 years to grind its way through … Continue reading Yes, you can snoop on your staff →

Someone’s been breached…but I don’t know whom

Just got off the phone from our corporate card provider to reset my card after a fraud block. Their words: “a number of customer card details were copied from where they were used recently and are being used to make fraudulent transactions”. So presumably at least one of the promised Christmas POS malware attacks came … Continue reading Someone’s been breached…but I don’t know whom →