The importance of having a coordinated incident response plan in place

This is true not only in monetary terms, but information security could even be a question of life and death.   In September 2020, a breaking article confirmed the inevitable - the first death caused by a ransomware attack. The alleged victim is a woman who necessitated urgent medical care and had to be re-rerouted to another hospital as a ...

“PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: Surveillance in the fight against COVID-19

“Hopefully COVID-19 will be gone at some point, but tracking technologies may stay for longer and permanently hamper the rights and freedoms of individuals” As part of my blog series on #PublicHealthANDprivacy in light of the COVID-19 pandemic, this short reflection will focus on digital surveillance. There is no doubt that data and technology have the ...

Happy Safer Internet Day: A call for data security by design

Today, Safer Internet Day, represents a good opportunity to remind organizations of the importance of embedding data protection and security into the design of processes, products and services. This consideration is, in fact, embodied in the first principle of five which I have identified as the foundation of Socially Responsible Data Protection and which are ...

Does Privacy Shield provide adequate protections?

On May 31st the Supreme Court of Ireland denied Facebook’s appeal to avoid referral of its recent case concerning the international transfer of personal data to the European Court of Justice.  You most likely remember the case brought forth by privacy activist and lawyer Max Schrems which questions whether the methods used by technology companies, and ...

Council announces Sanctions Framework for Cyber-attacks

In the Council's effort to deter cyber-attacks constituting an external threat to the EU or Member States, the EU can now impose targeted restrictive measures which include asset freezes on both persons and entities and a ban on people travelling to the EU. Such restricted measures are considered necessary in light of the Common Foreign ...

Irish Data Protection Commission investigates Facebook

On 3 October 2018 the Irish Data Protection Commission (DPC) commenced an investigation into the latest Facebook data breach examining the company's compliance with GDPR obligations concerning the implementation of technical and organisational measures to ensure the security and safeguarding of the personal data it processes. The breach was notified on 28 September 2018 and the investigation ...

Data breaches under the GDPR: A Webinar with Tresorit CEO and co-founder Istvan Lam

Want to know how to handle data breaches under the GDPR? Join me and Tresorit CEO and co-founder Istvan Lam on April 25th 2018 for a webinar where we will help you understand what exactly is considered a data breach under the GDPR, when you have to report an incident and to whom, who is liable for ...

ENISA’s Guidelines for the implementation of minimum security measures for Digital Service Providers

ENISA's "Technical Guidelines for the implementation of minimum security measures for Digital Service Providers" will prove to be extremely useful for businesses. The guidelines spell out minimum security measures and are especially relevant with respect to alignment with the GDPR which only set forth in Article 32 (Security of processing) the obligation of controllers and ...