A quick thought on moral hazard

A number of major breaches have hit the news recently - including the 500-million-data-record Marriott Hotels breach, and the Sotheby's Home Magecart hack. I'll probably go on about over-retention of ID data in another post, but right now I was wondering... Is it attractive for hacked organisations to exaggerate how long a "just-discovered" breach has … Continue reading A quick thought on moral hazard

Advertising cookies and the law

UKDPA 2018 says: 171 Re-identification of de-identified personal data (1) It is an offence for a person knowingly or recklessly to re-identify information that is de-identified personal data without the consent of the controller responsible for de-identifying the personal data. (2) For the purposes of this section and section 172— (a) personal data is “de-identified” … Continue reading Advertising cookies and the law