
(Feb 17, 2017) In this episode of The Privacy Advisor Podcast, Jedidiah Bracy, CIPP, discusses his experience at the RSA Conference in San Francisco, California, this week where he spoke on a panel titled, "Encryption and Back Doors: The Line Between Privacy and National Security." Evident both at RSA and via the IAPP's recently released Privacy Tech Vendor Report, Bracy says, a proliferation of vendors have risen to the challenge of helping companies with the complicated and arduous task of protecting data, and the privacy and security worlds are becoming increasingly intertwined.  Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Automating risk assessment

(Feb 17, 2017) Rebecca Herold, CIPM, CIPP/US, CIPT, FIP, estimates she has done hundreds of security risk assessments since she took them on as part of her career path. While performing them, even developing her own methodology to help produce them faster, Herold began to notice patterns emerging. Now, she's brought that depth of knowledge to software developer David Greek to create SIMBUS Risk Management, an automation tool for the privacy and security industry. IAPP Staff writer Ryan Chiavetta talked shop with Herold and Greek for Privacy Tech. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Arguments begin in Schrems 2.0

(Feb 17, 2017) Justice Caroline Costello, of the High Court of Ireland, has begun hearing arguments regarding Irish Data Protection Commissioner Helen Dixon's request to have the CJEU determine whether standard contractual clauses are legitimate methods for transferring personal data outside the EU, Independent.ie reports. Schrems lawyer Eoin McCullough argued Dixon should suspend transfers immediately, and that the CJEU's involvement is unnecessary, while Facebook lawyer Paul Gallagher agreed the CJEU should not be involved, but on the grounds that Schrems' objections to data transfers are "deeply flawed" and have been overtaken by events surrounding the establishment of Privacy Shield. Read More

Daily Dashboard, Europe Data Protection Digest

WP29 still concerned about Trump immigration order

(Feb 17, 2017) While analysis of U.S. President Donald Trump's executive order on immigration appears to show it does not threaten the underpinnings of the Privacy Shield framework, the Article 29 Working Party would like to be sure, Reuters reports. As part of their February plenary session, the EU DPAs decided to write to U.S. authorities directly to point out concerns and seek clarifications. Reached by Reuters, the U.S. Mission to the EU attempted to quickly allay fears: "The executive order also does not affect Privacy Shield because Privacy Shield protections are not dependent on the Privacy Act." Read More

Daily Dashboard, Europe Data Protection Digest

Study: Anonymous web browsing doesn't mean you stay anonymous

(Feb 17, 2017) A study conducted by Stanford University and Princeton University researchers has found that anonymous browsing data can be frequently tied back to actual identities, The Conversation reports. After having users "donate" their browsing history, researchers attempted to connect the data with their Twitter accounts. "Seventy-two percent of people who we tried to deanonymize were correctly identified as the top candidate in the search results, and 81 percent were among the top 15 candidates," resea... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

My Friend Cayla doll: Off with her head, German agency advocates

(Feb 17, 2017) Germany's Federal Network Agency has urged parents to destroy the popular talking doll My Friend Cayla, believing its smart capabilities too easily leak personal information, BBC News reports. "Researchers say hackers can use an unsecure Bluetooth device embedded in the toy to listen and talk to the child playing with it" from up to 10m (33 ft.) away, the report states. University of Saarland student Stefan Hessel's legal concerns about such potential monitoring spurred the warnings from the FNA. The doll is not a stranger to controversy, having received complaints from both U.S. and EU consumer groups since software vulnerabilities were discovered in January 2015. Read More

Daily Dashboard, Europe Data Protection Digest

Travelers wonder whether to bring phone to US

(Feb 17, 2017) BBC News examines software engineer Quincy Larson's widely shared blog post advising travelers to leave their mobile devices at home when traveling to the U.S. Larson's argument was sparked by the airport detainment of American-born NASA engineer Sidd Bikkannavar and the subsequent demand for his smartphone password. Larson viewed this incident as a "dangerous precedent." In light of his suggestion, BBC News' Rory Cellan-Jones reached out to U.K. and U.S. officials for their take. The U.K. F... Read More

Daily Dashboard, Europe Data Protection Digest

Notes from the IAPP Europe Managing Director, 17 February 2017

(Feb 16, 2017) Greetings from Brussels! The IAPP “2017 Privacy Tech Vendor Report” has already been refreshed with a v. 1.2, which can now be downloaded here. The report as a whole, released initially Jan. 31, has been a while in the making and is the result of increasing demand, as privacy pros look to identify appropriate tech solutions to help them with privacy operations. The technology guide now features more than 50 companies, with more than 3,500 words of analysis and categorization by way of introduct... Read More

Europe Data Protection Digest

HSE 'administrative error' not reported as data protection breach

(Feb 16, 2017) An “administrative error” leading to a false allegation against a Garda whistleblower should have been reported as a data protection breach, The Irish Sun reports. The Health Service Executive stated the error was brought to the attention of its Regional Manager for Data Protection and Consumer Affairs when it was discovered in 2014. The error resulted in false sex-abuse allegations against Sergeant Maurice McCabe. The information was held on file and shared with other agencies, but was not recorded on HSE’s data breach log. Data protection laws state organizations must ensure all personal information they hold in their records is “accurate and, where necessary, kept up to date.” Read More

Europe Data Protection Digest

Sports Direct reports data breach to ICO, but not staff

(Feb 16, 2017) When Sports Direct suffered a data breach last year compromising employees’ unencrypted data, it reported the incident to the U.K. Information Commissioner’s Office, but did not tell its staff, BBC News reports. According to The Register, “an inside source” said the hacker attacked a system the retailer used to operate a staff portal. "Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren't immediately informed about it by their employer,” Unite Assistant General Secretary Steve Turner said. “This is potentially sensitive and personal information such as national insurance numbers and bank details that we're talking about. It's completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet." Read More

Europe Data Protection Digest