In this week’s news: Apple ‘sorry’ that workers listened to Siri voice recordings, 300 contractor jobs go. To protect customers, Japan to introduce tougher rules for tech giants. Bulgarian DPA issues a fine of €2.6 million will be imposed by the Bulgarian DPA (in Bulgarian) on the National Revenue Agency (NRA) for the leakage of personal data of nearly 5 million …
This is Part 3 of a series on Understanding ISO 27001. The other parts can be found here. Risk Management is a delicate topic as it tends to draw the perfectionists out of the woodwork. Clause 6 of ISO 27001 wants you to implement a risk assessment process and a risk treatment process. I don’t …
Understanding ISO 27001 – Part 3 – Risk Treatment Read More »
This post will pick up from clause 5. All the other parts of this series can be found here. Clause 5 is titled Leadership. This is a bit of a red herring. It really should have been called Governance. What clause 5 is trying to ensure, is that senior management within the scope of the …
The ISO 27001 Standard is written using a standardised ISO glossary of terms. These apply across the whole breadth of ISO Standards, so if you are implementing multiple standards, you can quickly understand what is required and get on with it. Unfortunately, if this is your first exposure to ISO standard speak, it is a …
The European Central Bank (ECB) has closed its Banks’ Integrated Reporting Dictionary (BIRD) website due to a data breach. UK Government sends confidential email about government no-deal preparations to wrong Sharma – Labour backbencher Virendra Sharma instead of International Development Secretary, Alok Sharma Irish Data Protection Commissioner published a damming report on Public Services Card – Irish PM concedes change will be …
Part 5 of the series picks up from A.10 Cryptography. Click here to see the other posts in this series. Cryptographic Controls The ISO 27701 Standard points out that some jurisdictions require encryption to be used on some forms of PII data. It then provided additional guidance that data subjects should be informed when encryption …
Implementing ISO 27701 – Part 5 – Cryptographic Controls Read More »
As per a previous post, it looks like ransomware is now the easiest way of making money on the Internet, for anyone that thinks they can get away with breaking the law. I’m going to take a different view of this news, and concentrate on why this makes sense as a method of extracting money …
In this week’s news: A piece from Forbes close to my heart as many of you may know. – Sorry, erm, you hopefully just have to read these things for yourself. Marriott puts aside $126m (£104m) in its accounts to cover its £99m intended ICO fine in case its appeal fails. UK ICO recruiting for a Data Ethics Advisor amongst …
Part 4 of a series on implementing ISO 27701 as a way to gain Privacy Certification. Click here for the rest of the series. Human Resource Security The ISO 27701 standard chooses not to add any additional guidance to this set of clauses with the exception of training and awareness. This seems to be an …
Part 3 of the series looks at the applicable controls in ISO 27002 and the impact of Privacy on them. Click here to see the rest of the series. Policies The additional implementation guidance within ISO 27701 on this is slightly confused. In ISO 27002 under A.5.1.1, it is a very clear requirement that you …
