CNIL – causes of reported data breaches (May – October 2018)

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More

My top 3 items from the Information Commissioner’s fireside chat

On Tuesday 17 October I was at IAPP’s ‘fireside chat’ with Elizabeth Denham, the Information Commissioner. The top 3 items for me were: GDPR certification – details to be published in early 2018, the ICO is leading the work on this in WP29. The Commissioner thought it should be based on Accountability and mentioned the approach… Read More

Mirror mirror on the wall, who’s the fairest Application and OS of them all

The Computer Vulnerabilities and Exposures (CVE) website provides yearly summaries of application and operating system vulnerabilities. Having a vulnerability is not the same as it actually being exploited, but the figures provide a useful, if somewhat crude, way of identifying what needs protecting and how this compares to 2015. For anyone that doesn’t want to read much further the… Read More

Perception vs Reality of cyber crime

Would you consider your house as secure if it had been broken into in the past year, and the police had not caught the gang that was breaking into most of the other houses on your street? Probably not. Compare this to businesses and cyber crime. A recent report indicates there is a disconnect between the reality… Read More

Why the silent treatment will not be an option for your business

If your business stores any personal information – and that includes name, email address, and telephone numbers – you need to be aware of the data protection changes that will be enforced from May 2018 when the General Data Protection Regulation (GDPR) replaces the Data Protection Act. A common question is what about the Brexit… Read More

The SMEs guide to the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) in May 2018. The headline-grabbing impact of the GDPR is the fines: up to €20m or 4% of global turnover (whichever is the higher) depending on the scale of the issue you have with personal data. But it also presents OPPORTUNITIES; to improve… Read More

Apple and Differential Privacy – is it different and is it private

Apple has announced that iOS 10 will use ‘differential privacy’ to maintain the privacy of the data it is collecting. Apple SVP Craig Federighi said that the ‘…great work in iOS 10 would be meaningless if it came at the expense of your privacy’. I will admit that I had not come across Differential Privacy before so… Read More

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping… Read More

Can I please have your personal information? OK!

What would you do if someone came up to you, leaned over and whispered in your ear, ‘Can I please have your personal information?’ Personally, I would tell them to go away, possibly using words a bit stronger than that, and walk away. But every day people are saying it is OK for someone they… Read More

The outlook is Cloudy with possible spells of data protection issues

This isn’t a blog about the weather, but some people may be in for a stormy time if they use apps or services that don’t have good data protection measures in place. The majority of us now use ‘the Cloud’ to provide services or store data. The main players seem to have good data protection policies… Read More