Categories
Articles

ENISA – working out cloud security requirements

ENISA’s new report proposing a “Security Framework for Governmental Clouds” may be more widely useful than its title and explicit scope suggest. Chapter 3 of the report suggests something pretty close to a project plan that any organisation could use to assess which applications and data are appropriate to move to a cloud service, what […]

Categories
Articles

Internet regulation after the Google Spain case

Yesterday’s excellent University of Cambridge conference on Internet Regulation After Google Spain suggested that data protection law will continue to affect a growing range of our activities, but that interpreting its requirements in novel circumstances will continue to be challenging. It was suggested that if the current (1995) European Directive was for the age of […]

Categories
Articles

Apples and Oranges

In discussions of the “Right to be Forgotten” it is often observed that Google manages each month to deal with tens of millions of delisting requests for breach of copyright, as opposed to tens of thousands for inaccurate personal data. Often the implication seems to be that those numbers should be more similar. However it […]

Categories
Articles

Thinking about Cyberinsurance

A couple of discussions at Networkshop this week have raised the question of cyber-insurance, and whether this might be useful to universities and colleges. To think about that I split the question into three: What sort of risks does insurance cover, and are they things that are high on your risk register? If an incident […]