News in brief

UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief

Kafka strikes again: GDPR requires consent, but you can’t ask for it

I’ve let this one fester for a while – partly because I’ve been angry about other things, and partly because you must be bored with my ranting about the GDPR by now. But I really can’t let this one pass. A key principle – perhaps the key principle – of the GDPR is the requirement … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it

Visitors – you just can’t trust them

Keeping your server in your office keeps your data safe, right? Just make sure the firewall is working and you’re golden. Because if it’s inside your physical perimeter, it’s protected, isn’t it? Well… It depends on your visitor policies. Your what? All that boring stuff to do with signing people in, showing them to meeting … Continue reading Visitors – you just can’t trust them

What was that about insider risk?

I think I might have mentioned recently that your main cyber risk is your own staff,  and that it's more often carelessness than ill intentions. Apparently I was being clairvoyant again: yesterday Boeing notified the regulator that an employee had accidentally sent out the personal details of 36,000 staff in an email to his wife.  Now Boeing has to pay for … Continue reading What was that about insider risk?