German ministers call for stronger data protection measures after health care breach

(Sep 19, 2019) After the medical data of 13,000 German patients was discovered on an unprotected server, ministers have called for legal requirements for stronger security protocols, DW reports. The data included patients’ names and, in some cases, photos. "We don't want this data to end up with an employer, an insurance company, a bank. It makes it more likely you'll be rejected for a job or a credit," Federal Commissioner for Data Protection Ulrich Kelber said. German Health Minister Jens Spahn said any Germ...

Inside the Privacy Shield annual review: Increasing common ground

(Sep 16, 2019) Dozens of senior U.S. and EU government officials gathered at the National Press Club in Washington last week for the Privacy Shield annual review. They were joined by officials from data protection authorities in Austria, Bulgaria, France, Germany and Hungary to discuss whether the three-year-old framework is functioning as intended. I had the opportunity to catch up with Privacy Shield Director Alex Greenstein shortly after the review concluded Friday evening to get his take on how it all wen...

Report: Data trusts bring privacy, governance dilemmas

(Sep 13, 2019) The Financial Times reports the use of data trusts for storing and sharing anonymized data is raising privacy and governance concerns. The trusts help obtain value from anonymized data while steering clear of privacy regulations. However, regulations like the EU General Data Protection Regulation test the trusts, as the law calls for user consent and data subjects' rights to delete data upon their request. The U.K.'s Open Data Institute began a pilot study for the trusts earlier this year, looki...

AWS says Capital One vulnerability 'not specific to the cloud'

(Jul 31, 2019) The Washington Post continues coverage of one of the largest data breaches of a financial institution in history after it was discovered earlier this week that a former Amazon Web Services employee exploited a misconfigured firewall in Capital One's cloud-hosted network. The breach, which affected more than 100 million customers, highlights some of the potential risks financial institutions face as they migrate data to the cloud. According to the report, AWS said it did store the data that was s...

Hacker accesses info of 106M credit card customers, applicants

(Jul 30, 2019) A former Amazon Web Services employee was arrested after it was discovered she accessed the personal information of approximately 106 million Capital One credit card customers and applicants. The incident may be one of the largest thefts of personal data from a bank, The New York Times reports. The majority of data compromised in the incident involved data submitted by anyone who applied for a credit card between 2005 and 2019 and included dates of birth, addresses and self-reported income, as w...

Report: Cyberinsurance premiums reached $2B in 2018

(Jul 29, 2019) A study from Moody’s Investors Service found cyberinsurance premiums grew to $2 billion in 2018 and have seen a cumulative annual growth rate of 26% since 2015, the South China Morning Post reports. Moody’s found global insurance companies have financially benefited from the increased demands for cyberinsurance. “The proliferation of new rules around the globe boosts demand for cyber insurance, but also raises questions and highlights uncertainty around the scope of insurance coverage,” Moody’s ...

In FTC vs. Facebook, the final result is a stalemate

(Jul 25, 2019) So who won the bout between Facebook and the U.S. Federal Trade Commission? Everyone and no one. On the one hand, both sides can claim victory. The FTC imposed its largest privacy fine ever, 200 times over, came up with new stringent compliance obligations, and did so while avoiding long, costly and, most importantly, risky litigation. Facebook shielded its senior executives from liability, obtained immunity from years’ worth of questionable practices, and did so without changing its underlyin...

Thinking through ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. Once we step into...

Tech talk: Exploring ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. However, most clou...