On July 19th 2020, Blackbaud Inc released a statement on a security incident that they had experienced. This incident resulted in a data breach of UK data associated with a number of UK Universities and a number of charity organisations. A full list of affected UK legal entities has not been disclosed by Blackbaud Inc. The University
The Tim Hortons mobile app has caught the eye of the Canadian Privacy regulator. An investigation is to be conducted by the Canadian Privacy Authorities to assess whether consent to allow location monitoring was properly received by their mobile app. On the face of it, small beer (or coffee) and something just for the Canadians
ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to any regulation, that most organisations
Maximum fine for Cathay Pacific
Cathay Pacific got slapped with a £500K fine from the UK ICO for its data breach that was discovered in March 2018. The ICO in its monetary penalty notice was happy to use the word “negligence” in describing Cathay Pacific’s behaviour that led to the incident. Cathay Pacific originally called
After giving CMMC v0.4 a bit of a butchering in September of last year, I thought it only fair to revisit the Cybersecurity Maturity Model Certification being proposed by the US DoD, that all third-party contractors will have to adhere to from June 2020. I have to say I am pleasantly surprised with the
In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls
On the 8th January, the ICO in the UK confirmed that it had not received notification of a data breach at Travelex. Travelex seems to be under the misapprehension that because they claim no evidence exists of any data being taken, then a data breach has not yet been confirmed. Unfortunately, the GDPR is quite
The Travelex breach is still ongoing, having started on the 31st December 2019. Travelex has confirmed that it has not informed the ICO of the breach, even though lack of data availability is considered a breach under Article 32 of the GDPR. Aside from the obvious ransomware response issues generated here, there are a few
The maximum fine was dished out this week by the ICO in the UK, to DSG Retail Ltd (aka Dixons Carphone), for a data breach which compromised the internal network for 9 months and led to the loss of approximately 5 million credit card records and the personal data of approximately 14 million individuals. The numbers