[UPDATE] Recordings from the event are now available David Clark of MIT is one of the best people to take a long view of the Internet: he has been working on it since the 1970s. So his suggestion – in a Weizenbaum Institute Symposium yesterday – that the 2020s may see as dramatic a change […]
The European Data Protection Board (the gathering of all EU Data Protection Regulators) has now published its initial guidance on transfers out of the EEA following the Schrems II case. This recommends that exporting organisations follow a similar roadmap to the earlier one from the European Data Protection Supervisor (who regulates the EU institutions). In […]
ePrivacy – progress or not?
Dataguidance is reporting that the German presidency has produced its progress report on the last six months of discussions on the ePrivacy Regulation. Recall that this was supposed to come into force on the same day as the GDPR… And it seems that Member States still haven’t reached agreement on what purposes might justify a […]
It’s still common to hear stories where privacy is supposedly in conflict with other objectives. I’ve been writing for years about how that’s not the case in security or access management. This morning’s ICO webinar on Security and Data Minimisation in Artificial Intelligence came up with a counter-example in that field, too… You might think […]
Improving security and privacy with AI
Two talks at last week’s FIRST conference looked at how Artificial Intelligence might be used in incident response. In both cases, the use of AI improves user privacy directly – by reducing or eliminating the need for human responders to look at user data – and also indirectly, by producing faster detection and mitigation of […]
Threat Intelligence is something of a perennial topic at FIRST conferences. Three presentations this year discussed how we can generate and consume information about cyber-threats more effectively. First Martin Eian from Mnemonic described using (topological) graphs to represent threat information. Objects, such as domain names, IP addresses and malware samples are vertices in the graph. […]
Some security incidents need more than a technical solution. Two talks at this week’s FIRST conference looked at the importance of human factors, in crisis management and vulnerability handling. Jaco Cloete looked at situations where a cyber-incident can become a business incident, causing reputational damage, social media fallout, loss of market share, regulatory fines, even […]
Ben Hawkes, from Google’s Project Zero, gave a fascinating keynote presentation on vulnerability disclosure policies at this week’s FIRST Conference. There is little disagreement about the aim of such policies: to ensure that discovering a vulnerability in software or hardware reduces/minimises the harm the vulnerability subsequently causes. And, to achieve that, there are only really […]
The ICO’s latest notice of a Monetary Penalty Notice, on Ticketmaster, contains unusually detailed guidance on the good practice they expect transactional websites to adopt. Although the particular breach concerned credit card data, this seems likely to apply to any site that takes customer data or that uses third party components. The whole notice is […]
The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at information sharing… FutureFlow’s Transaction Monitoring and Forensic Analysis Platform lets financial institutions such as banks upload pseudonymised transaction data to a common platform where they, regulators […]