Verizon releases 2020 'Data Breach Investigation Report'

(May 20, 2020) Verizon released its "Data Breach Investigation Report for 2020," ZDNet reports. The telecommunications company analyzed 157,525 incidents and found 3,950 were confirmed data breaches. Of the reported incidents, 71% involved cloud and on-premise assets, which also accounted for 22% of breaches. One of the few attacks that rose compared to 2019 involved companies leaving private data in unsecured cloud services. Verizon Senior Information Security Data Scientist Gabe Bassett attributed the rise t... Read More

Microsoft partners with Poland on $1B cloud project

(May 7, 2020) Microsoft signed on for a $1 billion cloud project in Poland that includes opening up a data center to facilitate cloud services for businesses and government, Reuters reports. Microsoft is joining with Polish cloud provider Chmura Krajowa on a seven-year partnership that will see the big tech company provide cloud-based technology training. Polish Prime Minister Mateusz Morawiecki said the partnership will help sectors "digitally transform and implement new work standards."Full Story... Read More

How to comply with data localization laws during COVID-19

(May 6, 2020) As health care organizations look to conduct important clinical trials in regions such as the Asia-Pacific for a wide variety of ailments, including COVID-19, they need to make sure that health care data gathered from these trials meet the increasingly stringent privacy standards and regulations put in place by various countries in the region. In this piece for The Privacy Advisor, InCountry Vice President and General Manager of Asia-Pacific John Childs-Eddy explores the challenges health care o... Read More

Sens. seek information on government's inability to process FOIA requests

(May 5, 2020) U.S. Sens. Patrick Leahy, D-Vt., Chuck Grassley, R-Iowa, Dianne Feinstein, D-Calif., and John Cornyn, R-Texas, sent a letter to the Department of Justice's Office of Information Policy seeking information about the federal government's ability to respond to Freedom of Information Act requests during the COVID-19 pandemic. Meanwhile, Australian Secretary of Home Affairs Mike Pezzullo said U.S. authorities would not be able to access the COVIDSafe app's National Data Store via the Clarifying Lawfu... Read More

Research: Websites leaking user emails to third parties

(May 1, 2020) Millions of user emails are being leaked from popular websites, including Quibi, the Washington Post and JetBlue, to third-party advertising and analytics companies, analytics consulting firm Victory Medium founder Zach Edwards writes in a piece for Medium. He says organizations should be aware of this vulnerability and submit deletion requests to the third parties. “Hopefully, organizations will start to take a more proactive approach to trying to stop this type of data supply data breach,” Edw... Read More

Guidance for privacy pros conducting a cloud migration PIA

(Apr 1, 2020) As more and more companies put their data in the cloud, Dataguise Senior Vice President of Enterprise Privacy Solutions Sagi Leizerov, CIPP/US, writes one of the most important privacy impact assessments organizations need to perform "is for the migration of personal information to the cloud environment." In this piece for Privacy Tech, Leizerov offers some guidance for privacy professionals to consider when they conduct their next cloud migration PIA.Full Story... Read More

Guidance for a cloud migration PIA

(Apr 1, 2020) There’s something exciting about migrating data to a new environment. It’s an opportunity to start fresh, like the decluttering and reorganizing we do before we move to a new house. It’s also the time to really think about what personal data we are migrating and how we intend to allow for its processing. Since companies are increasingly making the choice to have their data float above them, one of the most important privacy impact assessments (aka data protection impact assessments under the EU... Read More

How to manage data breaches in the cloud

(Feb 14, 2020) The day-to-day business penetration of cloud services has reached an all-time high and is expected to grow further in 2020. Under the EU General Data Protection Regulation’s accountability principle, data controllers that use cloud service resources must prepare themselves in advance to effectively manage “cross-entity” data-processing activities, the related risks and potential data breaches. In this piece for The Privacy Advisor, Provaris Varga & Partners’ Ádám Liber, CIPP/E, CIPM, FIP, an... Read More

Managing data breaches in the cloud

(Jan 28, 2020) The day-to-day business penetration of cloud services has reached an all-time high and is expected to grow further in 2020. With the adoption of cloud services, the regular data controller and data processor setup is also becoming more obsolete and transforms into a data controller (regular data processor), one or more cloud service provider (sub-processor), or data controller (one or more CSP data processors set up in the EU). This implies the threat landscape and privacy risks data controllers... Read More

Op-ed: Data security in cloud computing calls for shared responsibility

(Jan 24, 2020) In an era of cloud computing, security and data breaches are a top issue, Blazeclan Technologies Co-Founder and CEO Varoon Rajani writes in an op-ed for Entrepreneur India. Ensuring data security and protection in cloud computing extends beyond the service provider alone. It takes a shared responsibility between businesses and a cloud vendor, Rajani notes. “This matrix of responsibility eliminates single points of failure and achieves higher security,” he writes. “Sharing the responsibility of c... Read More