According to a global survey, companies are not ready for the GDPR

12. October 2016

Dell just published the results of a global survey about the GDPR perceptions and readiness. Among other findings, the main result is the lack of awareness of the requirements, the preparation and the impact:

  • More than 60 % answered that they are aware that something is going on with the GDPR. However, they said that they do not know what exactly is happening.
  • Just 4 % outside of Europe commented that they are very knowledgeable about the details of the GDPR. Nevertheless, only 6 % of those in Europe answered that they are very familiar with the requirements.
  • On top of this, fewer than 1 in 3 companies feel that they are prepared for the GDPR.
  • Furthermore, about 70 % said that their company is definitely not prepared for the GDPR today, or that they do not know whether it is. However, only 3 % of them have a plan to get ready.
  • Fewer than 50 % commented that they feel confident of being ready in time when the GDPR comes into effect in 2018. Nevertheless, just 9 % expect to be fully prepared.

 

Data breach might cost Yahoo $1 billion

11. October 2016

The New York Post published that Verizon, which is about to purchase Yahoo for $4.8 billion, is now asking Yahoo for a $1 billion discount.

This is due to the fact that Yahoo announced only two weeks ago that it had been hacked two years ago and that at that time usernames and passwords for 500 million accounts were stolen. Furthermore, it was revealed that Yahoo had been ordered by a secret Foreign Intelligence Surveillance Court to investigate emails for terrorist signatures under the Foreign Intelligence Surveillance Act, but not under section 702.

According to the New York Post, a source said that AOL CEO, Tim Armstrong, “is getting cold feet” due to the “lack of disclosure” and therefore he is asking “Can we get out of this or can we reduce the price?”

 

Category: Data breach · USA

Spain’s DPA: Investigations due to WhatsApp sharing data with Facebook

10. October 2016

After Hamburg’s Data Protection Commissioner strongly recommended that Facebook should stop processing German data gained from WhatsApp, after the U.K. Information Commissioner, the ICO, also started to investigate the agreement between WhatsApp and Facebook, and after Italy’s data protection authority, the Garante, started to look into this issue, Spain’s data protection authority, the AEPD, is now raising concerns.

Therefore, Spain’s data protection authority advises users to read the terms and conditions, especially before accepting them. Furthermore, it offers guidance on changing the respective settings.

MasterCard: Biometric Corporate Card Program is now also available in Germany

7. October 2016

A new biometric corporate credit card program, called Identity Check Mobile, was released by BMO Financial Group (BMO) and MasterCard in Canada and in the U.S. at the beginning of the year.

This program enables cardholders to verify their transactions by using facial recognition and fingerprint biometrics when they purchase online.

Introducing this verification process will increase security when purchasing without a face-to-face interaction, so that the possibility of a card being used by anyone who is not the cardholder will be reduced.

Steve Pedersen, Vice President, Head, North American Corporate Card Products, BMO Financial Group, commented on the program by saying: “The use of biometric technology has become more common for consumers looking for convenient and secure ways to make purchases using their smartphones, so this was the natural next step for us as innovators in the payment security space.” He continued: “Mitigating the risk of fraud is always our top priority, and the inclusion of this technology is going to make payment authentication easier, and strengthen the security of the entire payments ecosystem.”

MasterCard just published that starting from the 4th October 2016 this form of payment is also available in Germany.

Centre for Information Policy Leadership just held GDPR workshop

6. October 2016

Last month, the CIPL held its second workshop in Paris as part of its two-year GDPR implementation project.

Almost 120 business delegates, 12 data protection authorities, four European Member State governments, both the European Commission and the European Data Protection Supervisor, a non-DPA regulator, several academics and, in addition to all of these, the IAPP participated in this workshop in order to develop best practices and to build a bridge between the authorities and the economy.

This time, the workshop mainly focused both on the role of the data protection officers and on the privacy impact assessment, also called PIA.

In this context it was also announced that the Article 29 Working Party is going to release its first guidelines concerning the GDPR either before the end of the year or at the beginning of 2017. These guidelines will include advice on data portability and the role of the DPO. Furthermore, the Article 29 Working Party will also release guidance on risk, PIAs and certifications later on.

CISPE published Code of Conduct

5. October 2016

The Cloud Infrastructure Services Providers in Europe, CISPE, published a Data Protection Code of Conduct for Cloud Infrastructure Service Providers.

CISPE is a relatively new association including more than 20 cloud infrastructure providers that operate within Europe.

The CISPE Code of Conduct focuses on transparency and compliance with EU data protection laws. Therefore, the CISPE Code of Conduct has been designed in such a way that it will be compliant with the GDPR coming into force in May 2018. The CISPE Code of Conduct has been built on internationally recognised, state-of-the-art security measures that increase data security for cloud customers.

In the press release, Axelle Lemaire, French Minister for Digital Affairs and Innovation, commented that “The CISPE Code of Conduct show that the European cloud computing industry is capable to provide secure and compliant services for all personal and technical data in Europe and improve trust in digital services.”

UK Data Protection Commissioner speaks about “Brexit” and the GDPR

Last week, Elizabeth Denham gave her first speech as UK Information Commissioner (ICO). In this speech she referred, among other things, to the effects of Brexit with regard to the application of the GDPR.

Denham remarked that the GDPR involves the modernization of European Data Protection and the necessity of these new rules in order to ensure cross-border commerce and the protection of individuals. As the GDPR may be applicable before the UK has left the EU, she gave assurance that the ICO will keep on providing guidance and advice on the GDPR.

Furthermore, she stated that even after the UK has formally left the EU, flows of personal information will still be necessary, so that the level of data protection in the UK should be essentially equivalent to the one in the EU. Therefore, she encourages businesses to improve and adapt their practices to the GDPR.

Category: GDPR · UK

Apple offers hackers up to $200,000

29. September 2016

Forbes just released an article saying that Apple invited some of the best hackers to its headquarters in Cupertino.

Among them:

  • the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and is therefore now a world-renowned iOS hacker, as well as an
  • ex-NSA employee who has repeatedly found security flaws concerning Mac OS X Luca Todesco.

The meeting was supposed to be secret and kept confidential, but unfortunately some details leaked, for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 if they can provide Apple with information on vulnerabilities in its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month, as this was promised at the Black Hat security conference in Las Vegas last month. Nevertheless, Apple pursues an invite-only strategy in order to get quality over quantity.

Hamburg Data Protection Commissioner issues statement on the data exchange between Facebook and WhatsApp

27. September 2016

Today, the Hamburg Data Protection Commissioner (DPA) issued a press release announcing an administrative order that aims at prohibiting the data exchange between Facebook and WhatsApp.

The critical opinion of the Hamburg DPA is based on the following arguments:

  • Facebook and WhatsApp are legally independent companies, each of which has its own service terms and conditions.
  • This data exchange infringes German Data Protection Law, as a legal basis for the collection and processing of personal data is required. In this case, the Hamburg DPA does not identify a legal basis for this data exchange.
  • Nor can the legal basis be the user’s consent, because Facebook has not obtained the effective consent of WhatsApp’s users.
  • The ECJ has recently ruled that if a subsidiary processes personal data on behalf of its parent company, the national data protection laws are applicable. Facebook has its subsidiary for German-speaking countries in Hamburg. According to this ruling, German data protection law is applicable in this case.

Johannes Caspar, Commissioner of the Hamburg DPA, has remarked that the administrative order protects personal data of around 35 million WhatsApp users in Germany, who have not given their consent for the processing of their personal data by Facebook. Through this data exchange, Facebook would receive personal data of WhatsApp users who do not even have a Facebook account.

Dropbox: new server location in Germany

Heise online released an article last week talking about a new possibility for Dropbox users, namely to select a German server location.

As already announced, EU citizens are now able to save their data on a server located in Germany. However, this new storage possibility is only available for business use so far. The requirement is that more than 250 employees use Dropbox. Therefore, the new server location is not applicable for private use.

However, Dropbox did not build the new server location on its own. In fact, the infrastructure is provided by Amazon through AWS.

 
