Technical Requirements of the GDPR

(Jan 19, 2018) The purpose of this white paper from PrivacyCheq is to list in detail all the technological requirements mandated by the new General Data Protection Regulation with regard to providing notice and managing consent.

Health orgs paying ransomware despite having backup systems

(Jan 19, 2018) CareersInfoSecurity reports on an Indiana hospital that paid $55,000 to access data during a ransomware attack despite having backup systems available. A spokeswoman for Hancock Health said the organization paid the ransom because it did not want to risk delaying treatment for patients. The spokeswoman said it also would have taken weeks to access and restore the affected data using the backup systems, making it a better financial decision to pay the ransom. "That is why you should have an incid...

Research finds more password security is needed

(Jan 18, 2018) Google Security Engineer Grzegorz Milka recently spoke about research carried out in partnership with the University of California, Berkeley, concerning the process in which accounts become compromised, Gizmodo reports. The research, conducted between March 2016 and March 2017, found 67 million valid Google account credentials on black markets. While Google takes steps to ensure user safety, including two-factor authentication, the company estimates less than 10 percent of its users have this e...

Nahra: Key issues for 2018 privacy and security checkup

(Jan 17, 2018) In a newsletter for Wiley Rein LLP, Partner Kirk Nahra, CIPP/US, writes on key items to consider in a company’s privacy and security checkup for 2018. While Nahra lists the upcoming implementation of the EU General Data Protection Regulation as the biggest news of this year, he includes several other aspects to pay attention to when assessing the health of an organization’s privacy and security programs. Nahra writes that the checkup list applies to almost any company on some level, adding, “use...

Updated privacy policy facilitates new hotel security approach

(Jan 16, 2018) Disney World Resorts introduced an updated privacy policy at four Orlando, Florida, hotels in order to inform guests that “for security, safety, maintenance or any other purpose,” hotel staff can enter rooms, CBS News reports. In the fine print of the new “Do Not Disturb” door hangers, Disney World Resorts explains that privacy has a new operational implementation. The updates come as hotels work to develop greater security operations and policies as a response to the deadly Las Vegas shooting i...

ICO on the impact security flaws will have for data controllers

(Jan 11, 2018) In a blogpost for the U.K. Information Commissioner’s Office, Nigel Houlden, head of technology policy, wrote about the impact serious security flaws will have for data controllers. Drawing upon Google’s Project Zero blog post detailing the security flaws posed by Meltdown and Spectre, Houlden said the ICO “strongly recommend[s] that organisations determine which of their systems are vulnerable, and test and apply the patches as a matter of urgency. Failure to patch known vulnerabilities is a fa...

Data governance platform gets $58M in Series D funding

(Jan 9, 2018) TechCrunch reports that Collibra, a company that offers firms insight into data governance, has acquired $58 million in Series D funding, led by Iconiq Capital and Battery Ventures. This new round follows a Series C round last year in which Collibra received $50 million in funding, bringing the total raised thus far to $133 million. Collibra CEO and Co-founder Felix Van de Maele said, "Most large organizations are in data chaos. ... We help them understand what data they have, where they store ...

Assessing the risks of biometric information processing

(Jan 8, 2018) The collection and use of biometric information is becoming more common, but what is biometric data? What risks are involved in processing it? And what laws govern its collection, use and retention? These are some of the questions answered in the recently recorded IAPP web conference, "Biometric Information Processing: Are the Rewards Worth the Risks?" K&L Gates Partners Julia Jacobson, CIPP/US, CIPM, FIP, and Molly McGinley are joined by Faye Ricci, Limeade vice president, legal, to help br...

Tech companies rush to distribute patches for major chip flaws

(Jan 8, 2018) The Washington Post follows up on last week's news that most of the world's microchips contain significant security flaws that could leave sensitive information vulnerable to attack. The Meltdown and Spectre bugs are the result of microchip design in recent years to make computers faster and more efficient. Security professionals say new patches address the Meltdown flaw for the most part, but a fix for the Spectre flaw, which is also more difficult to exploit, may take years. Johns Hopkins Comp...

Op-Ed: Why organizations must not use PII as a form of access

(Jan 8, 2018) In a piece for TechRepublic, IBM Security's Caleb Barlow explains why organizations must stop using personally identifiable information as a form of access. The sensitive information of billions of people around the world has been hacked in recent years, meaning immutable data — information that people can't change, such as their Social Security number, date of birth, or mother's maiden name — can be exploited by hackers to access another user's account. "We have to stop using things that can't ...