DATE November 24, 2020 3:08 pm
POSTED BY Myles Dacres
CATEGORY
Blog
A good deal of Friday and yesterday was spent trying to unravel dataflows and network topography to determine the scope of a customer’s cardholder data environment (CDE). Three interesting channels are currently under scrutiny but today’s job is to get to the bottom of an e-commerce website white labelled by...
View Article »
DATE November 24, 2020 11:53 am
POSTED BY Myles Dacres
CATEGORY
Blog
It’s funny how you remember the first Subject Access Request you ever worked on. It’s like a rite of passage that leaves an indelible mark. The first SAR in question was the first in a spate of inbound SARs back in 2007 when the Outsourced DPO was the outsourced DPO...
View Article »
DATE November 20, 2020 11:03 am
POSTED BY Myles Dacres
CATEGORY
Blog
The decision to leave the EU is causing a period of profound change and uncertainty for British businesses, as we near the end of the transition period, and many things remain unclear in the world of data protection. Next week DPPs consulting team will unpick the complex issues during a...
View Article »
DATE November 19, 2020 10:36 am
POSTED BY Myles Dacres
CATEGORY
Blog
There’s a bit of a debate raging within the consulting team at DPP about the value of privacy and what it will take to persuade the reluctant controllers that they really must comply with the law and really should be taking a best practice approach to privacy management rather than...
View Article »
DATE November 17, 2020 12:42 pm
POSTED BY Myles Dacres
CATEGORY
Uncategorized
The ICO has been cracking down over the last few weeks and some quite substantial fines have been issued. With news like this its clear that now is a good time to look at your own compliance and make sure your business is secure and protected. Recent fines from the...
View Article »
DATE November 17, 2020 9:05 am
POSTED BY Myles Dacres
CATEGORY
Blog
The ICO’s monetary penalty notice issued to Ticketmaster makes interesting if not worrying reading. LOTS of buck passing preceded and arguably slowed identification of the compromise. Indeed, a customer notified Ticketmaster via Twitter about the vulnerability 6 or 7 weeks before Ticketmaster and their incident response team identified it. It...
View Article »
DATE November 16, 2020 11:05 am
POSTED BY Myles Dacres
CATEGORY
Blog
The Outsourced DPO picked up an inbound support ticket this morning querying whether a data processor agreement was still relevant or required amending in light of Brexit and Schrems 2. The processor agreement in question was that issued by the Danish Data Protection Authority, Datatilsysnet which has taken some flak...
View Article »
DATE November 10, 2020 12:36 pm
POSTED BY Myles Dacres
CATEGORY
Uncategorized
Outsourced DPO The BBC ran an interesting story today about AI in retail environments https://www.bbc.com/news/technology-54522442 which makes for interesting reading but probably nothing of any particular surprise. We have known for decades about the Club Card and similar initiatives amassing tons of data to try to predict shopping habits on...
View Article »
DATE November 10, 2020 12:34 pm
POSTED BY Myles Dacres
CATEGORY
Blog
Studios MG, a small software development company was issued with a monetary penalty notice in the sum of £40,000 last month for sending unsolicited direct marketing materials by email with out consent. Reading the ICO’s report(https://ico.org.uk/media/action-weve-taken/mpns/2618388/studios-mg-limited-mpn.pdf), it seems that SMG were not readily forthcoming in engaging with the ICO during...
View Article »
DATE November 5, 2020 4:56 pm
POSTED BY Myles Dacres
CATEGORY
Uncategorized
So, we’re back in lockdown again and that means an increase in virtual meetings and webinars as we all do our best to adapt to the new environment. At Data Protection People meetings are sometime recorded in order to enable minute takers to fulfil their task or to enable meeting...
View Article »