MasterCard: Biometric Corporate Card Program is now also available in Germany

7. October 2016

A new biometric corporate credit card programm, called Identity Check Mobile, has been released by BMO Financial Group (BMO) and MasterCard in Canada and in the U.S. at the beginning of the year.

This programm enables cardholders to verify their transactions by using facial recognition and fingerprint biometrics in case they purchase online.

Introducing this verification process will increase security when purchasing without a face-to-face interaction so that the possibility of a card being used by anyone who is not the cardholder will be reduced.

Steve Pedersen, Vice President, Head, North American Corporate Card Products, BMO Financial Group commented on the programm by saying “The use of biometric technology has become more common for consumers looking for convenient and secure ways to make purchases using their smartphones, so this was the natural next step for us as innovators in the payment security space” he continued  “Mitigating the risk of fraud is always our top priority, and the inclusion of this technology is going to make payment authentication easier, and strengthen the security of the entire payments ecosystem.”

MasterCard just published that starting from the 4th Octobre 2016 this form of payment is also available in Germany.

Centre for Information Policy Leadership just held GDPR workshop

6. October 2016

Last month, the CIPL held its second workshop in Paris as part of its two-year GDPR implementation project.

During this workshop almost 120 business delegates as well as 12 data protection authorities, four European Member State governments both the European Commission and the European Data Protection Supervisor, a non-DPA regulator and several academics and on top of all of the named above the IAPP participated in order to develop best practices and to build a bridge between authorities and economy.

This time, the workshop mainly focused both on the role of the data protection officers and on the privacy impact assessment, also called PIA.

In this context it was also announced that the Article 29 Working Party is going to release its first guidelines concerning the GDPR either before the end of the year or at the beginning of 2017. These guidelines will include advise on data portability and the role of the DPO. Furthermore, the Article 29 Working Party will also release guidance on risk, PIAs and certifications later on.

CISPE published Code of Conduct

5. October 2016

The Cloud Infrastructure Services Providers in Europe, CISPE, published a Data Protection Code of Conduct for Cloud Infrastructure Service Providers.

CISPE is a relatively new accosiation including more than 20 cloud infrastructure providers that operate within Europe.

The CISPE Code of Conduct focuses on transparency and compliance with EU data protection laws. Therefore, the CISPE Code of Conduct has been designed in such a way that it will be compliant with the GDPR coming into force in May 2018. The CISPE Code of Conduct has been built on internationally recognised state-of-the-art of security measures increasing the data security for cloud customers.

In the press release, Axelle Lemaire, French Minister for Digital Affairs and Innovation, commented that “The CISPE Code of Conduct show that the European cloud computing industry is capable to provide secure and compliant services for all personal and technical data in Europe and improve trust in digital services.”

UK Data Protection Commissioner speaks about “Brexit” and the GDPR

Last week, Elizabeth Denham, held her first speech as UK Information Commissioner (ICO). In this speech she referred, amongst others, to the effects of the Brexit with regard to the application of the GDPR.

Denham remarked that the GDPR involves the modernization of European Data Protection and the necessity of these new rules in order to ensure cross-border commerce and the protection of individuals. As the GDPR may be applicable before the UK has left the EU, she ensured that the ICO will keep on providing guidance and advice on the GDPR.

Furthermore, she stated that even after the UK has formally left the EU, flows of personal information will be still necessary, so that the level of data protection in the UK should be essentially equivalent to the one in the EU. Therefore, she encourages businesses to improve and adapt their practices to the GDPR.

Category: GDPR · UK
Tags: , ,

Apple offers hackers up to $200,000

29. September 2016

Forbes just released an article saying that Apple invited some of the best hackers to its headquarter in Cupertino.

Among them:

  • the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and therefore now being a world-renowned iOS hacker as well as an
  • ex-NSA employee who has repeatedly found security lacks concerning Mac OS X  Luca Todesco.

The meeting should have been secret and kept confidential, but unfortunately some details leaked. So for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 in case they can provide Apple with information on vulnerabilities about its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month due to the fact that this has been promised at the Black Hat security conference in Las Vegas last months. Nevertheless, Apple pursues an invite-only list-strategy in order to get quality over quantity.

Hamburg Data Protection Commissioner issues statement on the data exchange between Facebook and WhatsApp

27. September 2016

Today, the Hamburg Data Protection Commissioner (DPA) issued a press release announcing an administrative order that aims at prohibiting the data exchange between Facebook and WhatsApp.

The critical opinion of the Hamburg DPA is based on the following arguments:

  • Facebook and WhatsApp are legally independent companies, each of which has its own service terms and conditions.
  • This data exchange infringes German Data Protection Law, as a legal basis for the collection and processing of personal data is required. In this case, the Hamburg DPA does not identify a legal basis for this data exchange.
  • The legal basis is neither based on the user’s consent because Facebook has not obtained the effective consent of WhatsApp’s users.
  • The ECJ has recently ruled that if a subsidiary processes personal data on behalf of its mother company, the national data protection laws are applicable. Facebook has its subsidiary for German speaking countries in Hamburg. According to this ruling, German data protection law is applicable in this case.

Johannes Caspar, Commissioner of the Hamburg DPA, has remarked that the administrative order protects personal data of around 35 million WhatsApp users in Germany, who have not given their consent for the processing of their personal data by Facebook. Upon this data exchange Facebook would receive personal data of WhatsApp users that do not even have a Facebook account.

Dropbox: new server location in Germany

Heise online released an article last week talking about a new possibility for Dropbox users, namely to select a German server location.

As already announced, EU citizens are now able to save their data on a server located in Germany. However, this new storage possibility is only available for business use so far. The requirement is that more than 250 employees use Dropbox. Therefore, the new server location is not applicable for private use.

However, Dropbox did not build the new server location on its own. In fact, the infrastucture is provided by Amazon though AWS.

 

How to be prepared for the GPDR in 13 Steps

26. September 2016

Last week, the Belgian Data Protection Authority “Privacy Commission”, published Guidelines containing 13 Steps that will help organizations in order to prepare for the EU General Data Protection Regulation. The Guidelines were published in French and in Dutch.

The Belgian Data Protection Authority recommended to follow the steps shown below in order to be compliant with the GDPR:

  • Awareness: Instruct the relevant persons about the upcoming changes.
  • Internal Records: Document the stored data, where it came from and to whom it is transfered.
  • Privacy Notice: Review and update the Privacy Notice.
  • Individuals’ Rights: Check existing procedures in order to comply with individuals’ rights.
  • Access Requests: Review current procedures about access requests. Consider how these requests will be handled in accordance with the new GDPR time limits.
  • Legal Basis: Document all data processing procedures. Demonstrate the respective legal basis for each data processing procedure.
  • Consent: Review how consent is collected and recorded.
  • Children’s Personal Data: Plan procedures in order to verify the ages of individuals. Determine how to gather parental or legal guardian consent for processing procedures that involve children’s data.
  • Data Breach: Guarantee that procedures are implemented on how to handle data breaches.
  • Data Protection by Design and Data Protection Impact Assessments: Check these concepts. Consider how to implement them.
  • Data Protection Officer: Appoint and review the Data Protection Officer.
  • International: Check which Data Protection Authority will be responsible for you.
  • Existing Contracts: Review the current contracts.

Do Europeans care more about their data than Americans?

22. September 2016

Recode just published an interview with Margrethe Vestager, Europeans Commissioner for Competition, talking about her impression that Europeans care more about their data than Americans.

First, she elaborates that Europe has historically been more critical towards new technology practices such as data collection. In this context, Vestager said “I am an economist, so I know that there is no such thing as a free lunch” she went on “You pay with one currency or another — either cents, or you pay with your data, or you pay with the advertisements that you accept. And I think people are becoming more and more aware of the fact that their personal data do have a value.”

Vestager underlined her point of view that Europeans care more about their data than Americans by saying “What we see in Europe is that a huge proportion of citizens find that they are not in control” she added “They distrust the companies to protect their data, and I think that is very bad, because then there is a risk of withdrawing from all the benefits of our digital economy. And in order to build up trust I think it is very important that we enforce privacy rules, that we get privacy by design in new services, so that privacy is not just an add-on, that it is very basic.”

Therefore, according to Vestager the Europeans have a greater need to protect their data than Americans.

Persumed hacker attack on German politicians

This week, heise-online reported that after last years attack on the German Parliament, this year on the 15th and 24th August the offices of several members of Parliament as well as their employees were targeted again in a new attack.

Emails containing malware were sent to the respective politicians. The Emails were supposedly sent by Heinrich Krammer working for the NATO-Headquarter.

The German Federal Office for Information Security (BSI) stated that the attacks probably originated from Russia. The BSI believes that the attacks might be linked to the hacking of private emails from Hillary Clinton’s campaign team in the US earlier this year.

The BSI assumes that the hackers might have been looking for potentially damaging information which could be released a few weeks before elections next year in an attempt to influence the result.

 

Category: Data breach · USA
Tags: , ,
Pages: Prev 1 2 3 ... 41 42 43 44 45 46 47 ... 53 54 55 Next
1 42 43 44 45 46 55