Categories
Presentations

Pseudonymous Identifiers and the Law

For a while I’ve been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can’t. Indeed […]

Categories
Articles

Cloud Incident Response and Security

Cloud computing was the theme of the day at the FIRST conference, with talks on security and incident response both concluding that we may need to re-learn old techniques. The adoption of at least some form of “cloud” seems to be inevitable, so we need to understand how to do this with an acceptable level […]

Categories
Articles

Thoughts on Data Breach Notification

Regulators and governments are moving towards creating a requirement that anyone who suffers a security breach affecting personal data would have to report it. A number of American states already have such laws, the recent revision of the European Telecoms Framework Directive introduced a breach notification requirement for telecoms providers and the Commissioner has stated […]