Sometimes the greatest lessons learnt are taken from the failures of others. This is likely to be the case with the BA GDPR fine, which landed on the BA HQ doormat on the 16th October 2020. After a year of negotiating and legal representations, the ICO in the UK finally issued the much-awaited penalty. At £20m, …
Companies often grapple with security frameworks as if it were a deeply theological question. Maybe you are a US multinational that has inherited NIST based controls but your clients want a certification of compliance which the NIST 800-53 cannot provide. Maybe you are an organisation who’s deeply technical experts reject broad-based controls in favour of …
The Storting, the Norweigan Parliament, was targeted in a cyberattack in September 2020. Emails of MP’s and members of staff were hacked. Measures have been taken, and the incident reported to the police.
Looking online for further information, what stands out is the uniformity of the response.
Norsk Hydro values of care courage and communication guiding company response to cyberattack
How do company values inspire your response? It went pear-shaped. Not sure exactly what happened, but a nasty message on screen, some speculation, and the decision to shut down. It may have had the urgency of “all the garbage mashers on the Detention Level”. Garmin India took the holding line of “maintenance”. It’s okay, this …
On July 19th 2020, Blackbaud Inc released a statement on a security incident that they had experienced. This incident resulted in a data breach of UK data associated with a number of UK Universities and a number of charity organisations. A full list of affected UK legal entities has not been disclosed by Blackbaud Inc. The University …
The Tim Hortons mobile app has caught the eye of the Canadian Privacy regulator. An investigation is to be conducted by the Canadian Privacy Authorities to assess whether consent to allow location monitoring was properly received by their mobile app. On the face of it, small beer (or coffee) and something just for the Canadians …
ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to any regulation, that most organisations …
ISO 27701 does not cover the GDPR out of the box Read More »
In the news this week: Brave submits formal GDPR complaint against Google’s internal data free-for-all. Pharmacy Doorstep Dispensaree is challenging the UK data watchdog’s decision to fine it under the GDPR (EA/2020/0065). CNIL enforcement looms over the adtech sector in France. Will BA and Marriott proposed fines now disappear in part due to COVID-19? How to avoid being phished during COVID-19. Statement …
Privacy Update for the week ending 22nd March 2020 Read More »
In the news this week: The Swedish DPA imposes €7m administrative fine on Google. A further draft of the ePrivacy Regulation has been published. Australia sues Facebook for $529 billion. ICO issues two legal warnings to schools for wrongly disclosing the personal data of children. Scotland creates a Commissioner to oversee the use of biometrics by Police. IAPP cancels UK and Global privacy events. Norwegian …
Privacy Update for the week ending 15th March 2020 Read More »
