UKDPA 2018 says: 171 Re-identification of de-identified personal data (1) It is an offence for a person knowingly or recklessly to re-identify information that is de-identified personal data without the consent of the controller responsible for de-identifying the personal data. (2) For the purposes of this section and section 172— (a) personal data is “de-identified” … Continue reading Advertising cookies and the law
Here's why: https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales Short version - if you buy something in a US store with your Mastercard, they tell Google about it. Google then reconciles your purchase with your advertising exposure while logged in with a Google account, and sends a report to advertisers to show how on-line ads drive offline sales. This is, of course, … Continue reading Why do we need data protection laws?
If I get one more email telling me that “GDPR means we have to ask you to opt-in” I think I’m going to go postal. Let’s do this slowly, and this time with feeling. Marketing (and fundraising) emails are covered by the Privacy and Electronic Communications Regulation 2003. That’s right, a 15-year-old piece of legislation. … Continue reading GDPR: you’re all getting it wrong
Hoo boy. Here we go again. More silly codenames, more incomprehensible tech gobbledegook, more security flaws, more worry. What does it all mean? I’m not going to give a detailed technical explanation. The best one is here. The very very short version is that processor speeds have run ahead of memory speeds for some time, … Continue reading Meltdown, Spectre and other James Bond movie titles
I wrote a blog entry five years ago, explaining why using security questions for password resets was a bad idea. (Why “improved” on-line security could compromise your bank account). It's still true, and we're still getting it wrong. Last week saw an American fined about £200k and sent to prison for nine months for hacking … Continue reading It’s 2018 and we still can’t get basic things right
I wasn't going to blog about Carphone Warehouse being fined £400k by the ICO for a breach, because boring-boring-you've-done-this-before, but then I couldn't help myself. Carphone's offence? A data breach. Resulting from poor maintenance of cyber security on an internet-facing webserver. You remember TalkTalk? They were fined £400,000 just over a year ago. For a … Continue reading What does it take?
The Equifax mega-breach has now led to two UK regulators investigating the same cock-up. The ICO obviously jumped in straight away, as you'd expect, but now the FCA has turned up to the party, bottle of cheap Bulgarian red from the corner shop in sweaty hand, hoping there's still some cake left. This will be fun. … Continue reading You’re in trouble no-o-o-w…