News in brief

UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief

At least make a token effort

I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort

Kafka strikes again: GDPR requires consent, but you can’t ask for it

I’ve let this one fester for a while – partly because I’ve been angry about other things, and partly because you must be bored with my ranting about the GDPR by now. But I really can’t let this one pass. A key principle – perhaps the key principle – of the GDPR is the requirement … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it

What was that about insider risk?

I think I might have mentioned recently that your main cyber risk is your own staff,  and that it's more often carelessness than ill intentions. Apparently I was being clairvoyant again: yesterday Boeing notified the regulator that an employee had accidentally sent out the personal details of 36,000 staff in an email to his wife.  Now Boeing has to pay for … Continue reading What was that about insider risk?