Sometimes the greatest lessons learnt are taken from the failures of others. This is likely to be the case with the BA GDPR fine, which landed on the BA HQ doormat on the 16th October 2020. After a year of negotiating and legal representations, the ICO in the UK finally issued

Companies often grapple with security frameworks as if they were a deeply theological question. Maybe you are a US multinational that has inherited NIST-based controls but your clients want a certification of compliance which the NIST 800-53 cannot provide. Maybe you are an organisation whose deeply technical experts reject

The Storting, the Norwegian Parliament, was targeted in a cyberattack in September 2020. Emails of MPs and members of staff were hacked. Measures have been taken, and the incident reported to the police. Looking online for further information, what stands out is the uniformity of the response.

Norsk Hydro values of care courage and communication guiding company response to cyberattack

How do company values inspire your response? It went pear-shaped. Not sure exactly what happened, but a nasty message on screen, some speculation, and the decision to shut down. It may have had the urgency of “all the garbage mashers on the Detention Level”. Garmin India took the holding line

On July 19th 2020, Blackbaud Inc released a statement on a security incident that they had experienced. This incident resulted in a data breach of UK data associated with a number of UK Universities and a number of charity organisations. A full list of affected UK legal entities has not been disclosed

The Tim Hortons mobile app has caught the eye of the Canadian Privacy regulator. An investigation is to be conducted by the Canadian Privacy Authorities to assess whether consent to allow location monitoring was properly received by their mobile app. On the face of it, small beer (or coffee) and

ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to

Maximum fine for Cathay Pacific

Cathay Pacific got slapped with a £500K fine from the UK ICO for its data breach that was discovered in March 2018. The ICO in its monetary penalty notice was happy to use the word “negligence” in describing Cathay Pacific’s behaviour that led to the