Keyboard and shadow - Data theft. © Colourbox (http://www.colourbox.com).
  • About this blog

    This blog, written in English, French, Portuguese and Spanish includes opinions, comments on recent news, laws or other developments, research notes and conference reports in the area of information security breaches, mainly in Europe, the United States and Latin America.

    It also features a "Library" that includes links to recent reports and surveys, practical guides, blogs and websites in the area, upcoming conferences, new data breach notification bills and laws, and other related resources.

    It should be of interest to company executives concerned with information security issues in their business, as well as to professionals practicing in the field of information security, privacy and data protection, along with the interested general public.

    The blog’s editor is Cédric Laurant; he and Marie-Andrée Weiss are the main authors.

The top 8 issues all CIOs, CSOs and CPOs should know about how to notify data breaches in Europe

As the EU is about to enact a General Data Protection Regulation that will introduce a general obligation to notify personal data breaches for all companies doing business in Europe or directing it towards EU-based customers, we provide the reader with 8 of the most important aspects related to the implementation of this new obligation.

"Broken Lock". Photo by Alexander Kolosov; shot on July 18, 2013. Available at http://www.flickr.com/photos/86251473@N08/9339311161/. Licensed under a Creative Commons "Attribution-ShareAlike 2.0 Generic" (CC BY-SA 2.0) licence.

Personal Data Breaches and the Liability of Data Processors under Mexican Law (Part 2)

Under Mexican personal data protection legislation, some questions are beginning to emerge regarding the security breaches that data processors may suffer. The current rules regulate what a security breach is and how data controllers must act when one occurs. However, processors do not find immediate answers regarding their obligations. By analyzing the law and its purpose, this post aims to offer some solutions. (Part 2)

"Broken fence." Photo by Jens Schott Knudsen; shot on Aug. 25, 2013.

Personal Data Breaches and the Liability of Data Processors under Mexican Law (Part 1)

Under Mexican personal data protection legislation, some questions are beginning to emerge regarding the security breaches that data processors may suffer. The current rules regulate what a security breach is and how data controllers must act when one occurs. However, processors do not find immediate answers regarding their obligations. By analyzing the law and its purpose, this post aims to offer some solutions. (Part 1)

Sony Playstation. Photo by Armando Becerra (2013)

The Sony PlayStation Network Hacking Case (An Analysis of the UK ICO’s Resolution)

On January 14, 2013, the UK Information Commissioner’s Office imposed a monetary penalty of GBP 250,000 on Sony PlayStation Network for its serious breach of the UK Data Protection Act – a penalty Sony eventually decided not to appeal in July. The penalty comes after the company was hacked in April 2011, compromising the personal information of millions of its customers. In this article, I highlight why the ICO made a brilliant move and interpretation of the Act.

"Wincup V8 Vodafone Holden Smashed.. Taken on December 4, 2010. (c) 2010 All rights reserved. Courtesy of Dhatt Creative.

Full Speed Ahead: Business-Minded I.T. Security Risk Management

Recent massive data breaches lead us to discuss the movement for new thinking, new strategies and new leadership amongst IT security. In the new paradigm, flat-out prevention is no longer the goal. Companies need to pursue nuanced risk-management decisions that protect yet allow them to do business.

The State of the State: U.K. Government Data Breaches

Government data breaches are very much a parochial problem in the U.K., causing indignation in widespread locales. In its recently published Annual Report for 2012/13, the Information Commissioner’s Office (ICO) states that data leaks by local authorities are a priority area for the data protection body. The ICO receives both individual complaints and declarations of self-reported data breaches from public and private entities.

"Head in Hands" by Alex E. Proimos. Shot on December 14, 2009 at Monnaie, Paris, France. Available at http://www.flickr.com/photos/proimos/4199675334/. Published under a Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0) license.

The State of the State: U.S. Government Data Breaches

Government data breaches run the gamut, but recently we are hearing about years-old security vulnerabilities that are not discovered by the government agencies themselves, but by outsiders. Plus, a review of the broad numbers regarding U.S. government data breaches of the past four years.

Buzz Lightyear Saved from Data Death

In a world where a residential fire occurs every 79 seconds, a laptop is stolen every 53 seconds and a hard drive crashes every 15 seconds, citizens are crying out for help. Do not fear, the Backup Battalion is here! Watch how these super-powered information protectors defend the planet from data-munching monsters and cloud-thrashing titans. Interested in joining the team? Then gather your favorite pair of spandex and read on!

Designer: Thomas Saur. Available at http://wall.alphacoders.com/big.php?i=10203.

How and Wow: Verizon’s Tactical Survey of Global Data Breaches

What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.

"Herring-Hall-Marvin Safe Co." (Caja fuerte, Museo de Minería de Nacozari, Estado de Sonora, México) (Photo courtesy of Ricardo Alonso (c) 2010. All rights reserved.) Available at http://www.flickr.com/photos/ricardo_alonso/4818845451.

Everything you wanted to know about personal data breach notification under the new Mexican legislation (Part 2)

Mexican companies not only have to comply with a data protection law in force since January 2012 that imposes new obligations and better security measures on them. They also have to be ready to notify data subjects when they suffer a breach of their personal data. With threats such as industrial espionage, cyber-criminals, negligent employees and rumors of cyber-war, no organization is immune to data leaks. This post explains how to be prepared and how to interpret the recent law. (Part 2)

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.
