What’s happened? Schrems strikes again. We’re all going to have to find new ways to protect transfers of data to the US – or stop doing it. The ECJ today invalidated the Privacy Shield framework that was cobbled together in 2015 after the ECJ struck down Safe Harbour in response to the original lawsuit Max … Continue reading Privacy Shield is dead. Now what?
Stop the world, I want to get off! Well, they’ve stopped the world, but we want to stay on. However hard we’re trying to keep up with business as usual, it’s inevitable that the pace is going to slow once the initial burst of adaptation has passed. Use this opportunity to take stock. Not only … Continue reading Fellow privacy professionals – your country needs you!
Society has always had its share of bad apples. Even now, in the midst of an unprecedented crisis all some people can see is the opportunity to take advantage of others. There’s been a huge uptick in all kinds of fraud, usually targeting people’s understandable anxieties about the virus or their own financial situation. Here’s what you … Continue reading One man’s crisis is another man’s opportunity.
Please, if you're working with personal data as part of the Covid19 response, whether as an employer, a healthcare professional, a privacy specialist or a data scientist, try to think about the possible long term harm you could be causing as you try for short-term good.
I've been on a blogging hiatus - mostly because the news always seems to be much the same. Don't worry, though, it's getting interesting again and I have things to say, so watch this space for some proper blogging soon. In the meantime: Please, even if you don't actually sell ads, stop colluding with the … Continue reading Quick Friday grumble
Anyone who cares about privacy has been waiting for the signal to start taking the new Data Protection Act seriously. Frankly, after the big rush to get "GDPR-ready" by May of last year, most organisations seem to have returned privacy to the too-hard pile. Very few have done anything to embed privacy as a living … Continue reading It’s time to get ethical
This is getting silly. We're all familiar with password complexity rules intended to help us create "strong" passwords that are harder to crack. Those of us who have been paying attention will know that the real outcome of this approach is to create passwords that are surprisingly easy for computers to crack but really hard … Continue reading Oh for Pete’s sake (passwords again)!
A number of major breaches have hit the news recently - including the 500-million-data-record Marriott Hotels breach, and the Sotheby's Home Magecart hack. I'll probably go on about over-retention of ID data in another post, but right now I was wondering... Is it attractive for hacked organisations to exaggerate how long a "just-discovered" breach has … Continue reading A quick thought on moral hazard
I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise" it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons
That's how much companies in the UK have been fined over the past 12 months for data breaches and contraventions of data protection law. Sounds like a lot - or maybe it doesn't, given how frequently data breaches are in the news. There's a reason for that. Of the £21.5m, 76% is one fine. Not … Continue reading £21,474,000.00