A version of this blog was originally published on 19 June 2017. Many of us live out whole lives on Facebook, Twitter, Instagram and LinkedIn, publicising our thoughts, interacting with friends, strangers and businesses, and keeping abreast of current affairs. …
You probably know what phishing is. It’s been around almost as long as the Internet, and everyone from your employer to Facebook provides warnings about how to identify and report such scams. But are you aware of how extensive phishing …
Anyone looking for advice on how to achieve effective cyber security should consider the NCSC’s (National Cyber Security Centre) 10-step guide. Originally published in 2012, it is now used by the majority of FTSE 350 organisations. In this blog, we …
The UK’s data protection watchdog has admitted that its website’s cookie policy breaches the requirements of the GDPR (General Data Protection Regulation). The ICO (Information Commissioner’s Office) made the statement following complaints that it was storing visitors’ personal data without …
A US medical bill and debt collection agency has filed for Chapter 11 bankruptcy protection after suffering a data breach that exposed the sensitive personal data of at least 20 million people. Compromised data included names, addresses, dates of birth …
Someone recently asked us: “Will my organisation be breached if we implement ISO 27001?” At first we thought they meant ‘will implementing ISO 27001 make me susceptible to data breaches?’ to which the answer is obviously ‘no’. ISO 27001 is …
The GDPR (General Data Protection Regulation) requires organisations to conduct a DPIA (data protection impact assessment) whenever processing is ‘likely to result in a high risk’ to the rights and freedoms of individuals. The Regulation doesn’t define what ‘high risk’ …
The Home Office reported 35 data breaches to the ICO (Information Commissioner’s Office) in 2018–19, including several cases of employees accidentally disclosing sensitive information to unauthorised parties. A further 1,895 data breaches were logged by the Home Office’s data controller …
When the GDPR (General Data Protection Regulation) took effect a year ago, it promised to overhaul the EU’s data protection landscape. Things have moved a little slower than expected for most member states, but that’s not been the case in …
If your organisation is subject to the GDPR (General Data Protection Regulation), you’re probably aware of your requirement to “implement appropriate technical and organisational measures” to protect the personal data you hold. An essential principle of this is data protection …
