A quick thought on moral hazard

A number of major breaches have hit the news recently - including the 500-million-data-record Marriott Hotels breach, and the Sotheby's Home Magecart hack. I'll probably go on about over-retention of ID data in another post, but right now I was wondering... Is it attractive for hacked organisations to exaggerate how long a "just-discovered" breach has … Continue reading A quick thought on moral hazard →

Well, there you go. We’re inadequate.

We were worried this was going to happen. So much so that we flagged it in our October newsletter. This is section 25 of the European Commission's current draft contingency plan for a no-deal Brexit: Personal data25 In the case of a no deal scenario, as of the withdrawal date, the transfer of personal data … Continue reading Well, there you go. We’re inadequate. →

It’s 2018 and there are still morons

I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise" it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons →

Advertising cookies and the law

UKDPA 2018 says: 171 Re-identification of de-identified personal data (1) It is an offence for a person knowingly or recklessly to re-identify information that is de-identified personal data without the consent of the controller responsible for de-identifying the personal data. (2) For the purposes of this section and section 172— (a) personal data is “de-identified” … Continue reading Advertising cookies and the law →