UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief
I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort
Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can't help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient … Continue reading Have we passed peak convenience?
I wrote to the ICO to ask them about this consent theory that's doing the rounds. [TL;DR - you can use Article 6.1(f) of GDPR to let you send postal direct mail and make phone calls to people who haven't consented.] ...and the ICO said: Dear Mr Rapp Thank you for your email of 18 … Continue reading GDPR consent update (not really)
Everybody’s panicking about the GDPR. Rightly. And the main thing in the GDPR that’s causing the panic is the requirement for consent. The GDPR is really clear that consent must be explicit and unambiguous – you can’t rely on the consumer having read an obscure privacy section of your website, or ask them to give … Continue reading Back to the future
I will say this only once. Just because WannaCrypt turned out not to be the end of the world, and Microsoft unexpectedly released patches for unsupported operating systems, and Trump dropped the ball again, and there’s an election in the UK, and you’re bored with cynical marketing emails from IT companies, so you’ve moved on…it … Continue reading Now pay attention
I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next?