[UPDATE: slides from my TF-CSIRT presentation are now available] Several years ago I wrote a paper on using the GDPR to decide when the benefits of sharing information among network defenders outweighed the risks. That used the Legitimate Interests balancing test to compare the expected benefits – in improving the security of accounts, systems or […]
Great to have my paper – “Processing Data to Protect Data: Resolving the Breach Detection Paradox” – published by ScriptEd. Everything you always wanted to know about logfiles and the GDPR: Why Data Protection requires breach detection; What’s the GDPR “Purpose” of breach detection; What’s “Necessary”, when it comes to breach detection; What Safeguards are […]
I was delighted to be invited to contribute an article to IDPro’s Body of Knowledge for professionals working in the field of digital identity. Mine is (of course) on how the GDPR applies to identity management. But as well as standards and regulation the collection is steadily expanding to cover things like privacy for consumers, […]
WONKHE has published my article on the need to be careful in introducing, and withdrawing, with any post-virus data processing (the absolute sub-head isn’t mine!) Maintaining trust in university data handling
An article, on “The value of e-proctoring as Exams move on-line”/”Technology can reduce exam stress”, was published in University Business (6/5/20) and the Jisc website (13/5/20).
Having acted as programme chair for the FIRST Security and Incident response conference last year, I also got to co-edit the special conference issue of the ACM journal Digital Threats: Research and Practice (DTRAP). FIRST sponsored the journal, so our issue is open access, available for anyone to read. Topics covered: Using power consumption to […]
[Re-purposing an unused introduction to my full paper – “See no… Hear no… Track no..: Ethics and the Intelligent Campus” – that was published in the Journal of Information Rights, Policy and Practice this week] The Intelligent Campus is a microcosm of the Smart City. Smart cities, according to Finch and Tene, may be “more […]
I was recently invited by EDUCAUSE to present a webinar on GDPR to their community of mostly North American universities and colleges. The number of participants indicates that European data protection law is a topic of interest. But the most common question was why, as non-EU organisations, they should care about GDPR. So I wrote […]
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential 🙂
Education Technology have just published an article I wrote (though I didn’t choose the headline!) on how security and incident response fit into the General Data Protection Regulation. It aims to be an easy read: if you want something more challenging follow the “incident response protects privacy” link to get the full legal analysis.