I’ve been re-reading the Article 29 Working Party’s report on workplace monitoring. I mean, who’d be rockstar when you can have my life? Anyway, I thought this section merited reproduction in full: 5.8 Processing operations involving disclosure of employee data to third parties It has become increasingly common for companies to transmit their employees’ data … Continue reading Yay! No more “our team” pages
Category: Law
No, you can’t snoop on your staff
I do wish the Europeans would make up their minds. There was an ECJ ruling a couple of years ago that made it clear that you could monitor your employees' private use of the internet while at work. The GDPR also makes it clear that you can process information that the data subject has "manifestly" made … Continue reading No, you can’t snoop on your staff
Yes, data protection matters to you too
It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too
Hahahahahahahahahahaha
Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively. I’ve written about this several times, pointing out why this is a criminally stupid suggestion, … Continue reading Hahahahahahahahahahaha
News in brief
UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief
At least make a token effort
I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort
GDPR consent update (not really)
I wrote to the ICO to ask them about this consent theory that's doing the rounds. [TL;DR - you can use Article 6.1(f) of GDPR to let you send postal direct mail and make phone calls to people who haven't consented.] ...and the ICO said: Dear Mr Rapp Thank you for your email of 18 … Continue reading GDPR consent update (not really)
