Big fines aren’t the big deal

Uber decided to double-down in its race to the moral bottom. Not content with spying on customers, misleading regulators, employing sex-pests and generally having a toxic corporate culture, the taxi-subsidy service tried to conceal a hack that breached the personal details of more than 57m people, including drivers as well as riders. Much is being … Continue reading Big fines aren’t the big deal

You’re in trouble no-o-o-w…

The Equifax mega-breach has now led to two UK regulators investigating the same cock-up. The ICO obviously jumped in straight away, as you'd expect, but now the FCA has turned up to the party, bottle of cheap Bulgarian red from the corner shop in sweaty hand, hoping there's still some cake left. This will be fun. … Continue reading You’re in trouble no-o-o-w…

Yes, data protection matters to you too

It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too

At least make a token effort

I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort

Kafka strikes again: GDPR requires consent, but you can’t ask for it

UPDATED 22nd of May 2018 This post has been getting a lot of traffic recently. I wrote it more than a year ago. Since then I've been working almost exclusively on GDPR implementation for clients and my understanding of the regulation has deepened. I'm going to leave the post as it was originally written below, but … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it

Privacy Shield – (some of) what you need to know

What is it? Despite the name, it’s not a feminine hygiene product. It’s the long-awaited replacement for Safe Harbour, the data protection scheme allowing data on EU citizens to be exported to the US for processing. You can read more on this blog about why Safe Harbour needed replacing. When does it take effect? It … Continue reading Privacy Shield – (some of) what you need to know