The Tim Hortons mobile app has caught the eye of the Canadian Privacy regulator. An investigation is to be conducted by the Canadian Privacy Authorities to assess whether consent to allow location monitoring was properly received by their mobile app.  On the face of it, small beer (or coffee) and

ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to

Maximum fine for Cathay Pacific Cathay Pacific got slapped with a £500K fine from the UK ICO for its data breach that was discovered in March 2018.  The ICO in its monetary penalty notice was happy to use the word “negligence” in describing Cathay Pacific’s behaviour that led to the

After giving CMMC v0.4 a bit of a butchering in September of last year, I thought it only fair to revisit the Cybersecurity Maturity Model Certification being proposed by the US DoD, that all third party contractors will have to adhere to from June 2020. I have to say I

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data

Travelex vs the ICO

On the 8th January, the ICO in the UK confirmed that it had not received notification of a data breach at Travelex. Travelex seems to be under the misapprehension that because they claim no evidence exists of any data being taken, then a data breach has not yet been confirmed.

The Travelex breach is still ongoing, having started on the 31st December 2019. Travelex has confirmed that it has not informed the ICO of the breach, even though lack of data availability is considered a breach under Article 32 of the GDPR. Aside from the obvious ransomware response issues generated

The maximum fine was dished out this week by the ICO in the UK, to DSG Retail Ltd (aka Dixons Carphone), for a data breach which compromised internal network for 9 months and led to the loss of approximately 5 million credit card records and the personal data of approximately

In June 2018, the EU issued updated guidance on certification and identifying certification criteria for Articles 42 and 43 of the GDPR. We are now 18 months further down the road, but there does not seem to be a light at the end of the tunnel. There was a brief