Category News

Do you still worship at the Temple of Big Data?

Major personal data breaches are happening at a rate of one a day – Equifax, BUPA, Deloitte, NHS, Nottingham County Council, Islington Council, HCA Healthcare and many, many more. Wanna Cry? (I bet you do).

Do you live in fear of whether you’re next? It doesn’t have to be this way. We are transitioning to an era in which individuals have both the skills and the opportunities to choose how they manage and share their personal data to achieve a range of beneficial outcomes.

Digital evangelists like Stephen Deadman, Global Deputy Chief Privacy Officer at Facebook, remain optimistic about the future, rather than terrified by it...

Is processing personal data under ‘legitimate interest’ creepy or cool?

With less than 200 working days left before Regulation 2016/679 (General Data Protection Regulation) kicks in, a new global study published by the Centre for Information Policy Leadership – a privacy and security think tank – claims that organisations in the US, South America, Europe and Asia are confused about the legal basis for processing personal data under the GDPR.

A total of 223 senior managers of multi-national companies (57% Data Controllers, 43% Data Processors) responded to the survey across a wide variety of sectors including financial services, healthcare, pharma, technology and telecoms.

The authors of the study explored the reasons why organisations choose to rely on ‘legitimate interest’ as a basis for processing personal data and the reaction this could have among customer...


British data protection laws to criminalize breaches of GDPR

The British Government has just announced (Monday 7 August 2017) that it will incorporate Directive 2016/679 (General Data Protection Regulation) along with specific derogations permitted under the GDPR as well as the Data Protection Law Enforcement Directive (DPLED) into UK law.

The move effectively repeals the current Data Protection Act 1998.

This follows a short consultation period (12 April – 10 May 2017) that called for views and which included 170 submissions from a wide range of professional bodies, legal and consumer groups, local government, technology companies, global organisations and academic institutions (7.1% of all respondents), including Henley Business School.

“Bringing EU law into our domestic law will ensure that we help to prepare the UK for the future after we ha...


Interview with Liberum Investment Bank on the consequences of the GDPR for institutional investors

This is a short 5-minute filmed interview produced by Liberum Investment Bank for its clients in London and New York on the Directive 2016/679 (General Data Protection Regulation). Recorded in London in July 2017.

Copyright Liberum Investment Bank 2017.

It’s time to press the delete key

One of the most important and fundamental principles of data protection under Regulation 2016/679 (GDPR) is the Principle of Minimisation. Arguably, it’s the one principle that can help satisfy the need to manage security, data protection and privacy objectives, especially with respect to the Internet of Things (IoT).

Under Art.5(1)(c), GDPR, the Data Controller must ensure that ‘processing of personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.’ This is about ensuring that staff are only processing personal data in accordance with the purposes and once these have been satisfied, it’s safest to delete this personal data unless other legal grounds exist to hang on to it.

But the Principle of Minimisation is g...


Snooping by an employer on its workers will be a breach of the GDPR

In its latest Opinion, adopted on 8 June and published on 29 June 2017, the Art.29 Data Protection Working Party (WP29) makes a fresh assessment of the balance between the legitimate interests of the employer and the reasonable privacy expectations of employees working within the European Union.

The concept of ‘employee’ is widened and includes those with a contract of service as well as contractors working under a contract for services. The Opinion is intended to cover all situations where there’s an employment relationship, irrespective of whether this relationship is based on an employment contract.

WP29 also highlighted the risks posed by new technologies deployed in the workplace and the need for the employer to undertake a proportionality assessment before deploying such measur...


New Data Protection Act announced in Queen’s Speech to be in alignment with GDPR

The British Government signalled its intention to replace the Data Protection Act 1998 with a new Data Protection Act that will be in alignment with the EU General Data Protection Regulation (GDPR). The Department for Culture, Media and Sport and the Home Office will be the relevant ‘Lead Departments’ overseeing the passage of the Data Protection Bill through Parliament.

“A new law will ensure that the United Kingdom retains its world-class regime protecting personal data”, said Her Majesty Queen Elizabeth II in her speech to both the House of Commons and the House of Lords on Wednesday 21 June 2017.

The Bill will fulfil a manifesto commitment to ensure the UK has a data protection regime that is fit for the 21st century.

The Bill will ensure that our data protection framework ...


Special considerations when using Cloud Service Providers under the GDPR

Regardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.

It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.

Many are often apprehensive about cloud security; however, cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the business.

Unlike a Data Controller that has the entire organisation to consider, a Cloud Service Provider’s only business is to securely process a Data Controller’s data and ...


Why BYOD in the workplace is such a bad idea

With data security of all organisations under significant threat from external actors, all organisations need to review the security of processing personal data as a matter of urgency. And such reviews must include the use of Bring Your Own Devices (BYOD) as well as the Internet of Things (IoT) used in the workplace.

Employees and independent contractors engaged by the Data Controller, Joint Data Controller(s), Data Processor and sub-Data Processor(s) may well be using their own personal mobile devices, such as a smartphone or tablet, to process personal data of customers, clients, supporters and employees.

The practice of Bring Your Own Devices (BYOD) is endemic across all industry, business and professional sectors and unless such personal data processing is properly secured it will be ...


The myth of cyber security and why computers can never be secure

The BBC has run a wonderful news story about the development of what’s claimed to be the world’s most secure email service.

Created by US security tech entrepreneur Will Donaldson, Nomx makes the bold claim it uses the “world’s most secure communications protocol” to protect email messages.

The Nomx personal email server costs from £155 – £310 and claims that users can help to stop messages being copied and hacked as they travel to their destination across the Internet.

Too good to be true?

BBC News asked ex-hacker and now security researcher Scott Helme and computer security expert Prof Alan Woodward of Surrey University to test whether the product could provide 100% protection against hacking and interception.

The investigation started by taking the device apart to find that it was b...
