Privacy Archives - IT Governance Blog

How do data breaches happen? Understanding your organisation’s biggest threats

Luke Irwin 26th June 2019 #BreachReady, Breaches and Hacks

Data breaches are fast becoming a top priority for organisations. But it’s not only cyber criminals hacking your systems that you should be concerned about; there are many other ways your systems and information can be compromised. Let’s go through …

[Continue Reading...]

The ICO admits that its cookie policy violates the GDPR

Luke Irwin 20th June 2019 EU GDPR

The UK’s data protection watchdog has admitted that its website’s cookie policy breaches the requirements of the GDPR (General Data Protection Regulation). The ICO (Information Commissioner’s Office) made the statement following complaints that it was storing visitors’ personal data without …

[Continue Reading...]

Will you suffer a data breach if you implement ISO 27001?

Luke Irwin 20th June 2019 Breaches and Hacks, ISO 27001

Someone recently asked us: “Will my organisation be breached if we implement ISO 27001?” At first we thought they meant ‘will implementing ISO 27001 make me susceptible to data breaches?’ to which the answer is obviously ‘no’. ISO 27001 is …

[Continue Reading...]

Examples of data processing activities that require a DPIA

Luke Irwin 19th June 2019 EU GDPR

The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. The Regulation doesn’t define what ‘high risk’ …

[Continue Reading...]

Home Office report reveals susceptibility to accidental data breaches

Luke Irwin 19th June 2019 Breaches and Hacks

The Home Office reported 35 data breaches to the ICO (Information Commissioner’s Office) in 2018–19, including several cases of employees accidentally disclosing sensitive information to unauthorised parties. A further 1,895 data breaches were logged by the Home Office’s data controller …

[Continue Reading...]

How Ireland became Europe’s data protection watchdog

Luke Irwin 14th June 2019 EU GDPR

When the GDPR (General Data Protection Regulation) took effect a year ago, it promised to overhaul the EU’s data protection landscape. Things have moved a little slower than expected for most member states, but that’s not been the case in …

[Continue Reading...]

What is data protection by design and default

Luke Irwin 13th June 2019 EU GDPR

If your organisation is subject to the GDPR (General Data Protection Regulation), you’re probably aware of your requirement to “implement appropriate technical and organisational measures” to protect the personal data you hold. An essential principle of this is data protection …

[Continue Reading...]

Leicester City FC fans’ financial details stolen in cyber attack

Luke Irwin 11th June 2019 Breaches and Hacks, Retail

A troubled season for Leicester City FC just got worse, with the club announcing that a cyber criminal has broken into the club’s online shop and stolen fans’ financial details. The breach occurred between 23 April and 4 May 2019, …

[Continue Reading...]

Organisations struggling to meet GDPR requirements, with poor planning and lack of awareness to blame

Luke Irwin 6th June 2019 EU GDPR

Last month marked the first anniversary of the GDPR (General Data Protection Regulation) taking effect, but many organisations are still struggling to meet their compliance requirements, according to a Thomson Reuters report. GDPR+1 Year: Business Struggles with Data Privacy Regulations …

[Continue Reading...]

Cyber criminals steal 113,000 data records from rivals

Luke Irwin 3rd June 2019 Breaches and Hacks

OGusers, a popular forum among cyber criminals, has been raided by a rival group. The incident exposed the email addresses, hashed passwords, IP addresses and private messages of nearly 113,000 members of the online criminal hacking community. However, the damage …

[Continue Reading...]