October | 2013 | Information Security Breaches & The Law

Categories
Categories
Pages
Andreas Leupold Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Héctor Guzmán Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United Kingdom United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
October 2013

M T W T F S S

« Sep Jan »

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31
Blogroll (recommended reference websites)

October 2013
M	T	W	T	F	S	S
« Sep		Jan »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

The Sony PlayStation Network Hacking Case (An Analysis of the UK ICO’s Resolution)

Posted by Armando Becerra on October 8, 2013 · 4 Comments

Sony Playstation. Photo by Armando Becerra (2013)

On January 14, 2013, the UK Information Commissioner’s Office imposed Sony PlayStation Network a monetary penalty of GBP 250,000 for its serious breach of the UK Data Protection Act – a penalty Sony eventually decided not to appeal in July. The penalty comes after the company was hacked in April 2011, compromising the personal information of millions of its customers. In this article, I highlight why the ICO made a brilliant move and interpretation of the Act.

Rate this:

Filed under Armando Becerra, Comments, English, Europe, European Union, United Kingdom · Tagged with accountability, data breach, data security breaches, Information Commissioner’s Office, monetary penalty, Sony PlayStation Network, UK Data Protection Act of 1998, vulnerability

Read this website in your language!

--> Click here to translate
Call to Guest Bloggers / Appel à blogueurs / Llamada a blogueros / Chamada para blogueiros convidados

--> Click here (EN) - --> Cliquez ici (FR) - --> Clique aquí (ES) - --> Clique aqui (PT)
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
adequate level of data protection América Móvil anonymization Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil) Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules brechas de seguridad Bundesdatenschutzgesetz California Office of Privacy Protection California Security Breach Notification Act Californie CIL cloud computing CNIL Code des postes et des communications électroniques Commission nationale de l’informatique et des libertés confidentiality confidentialité des données contractual clauses correspondant "informatique et libertés" cybersecurity Código de Defesa do Consumidor (Brasil) dados pessoais damage to reputation data breach data breaches data breach notification data controller data loss data protection Data Protection Authority data protection by default data protection law data protection officer data security data security breaches data subject datos personales Directive 95/46/CE Directive 2009/136/CE Directive 2009/140/CE données à caractère personnel Düsseldorfer Kreis encryption ENISA Estados Unidos EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Network and Information Security Agency European Union external audit externalisation failles de sécurité falhas de segurança fallas de seguridad Farmacias San Pablo fuga de datos fuga de información German Federal Data Protection Act Germany Google hackeo hacking IaaS IFAI Information Commissioner’s Office information security Informatique en Nuage Instituto Federal de Acceso a la Información y Protección de Datos integrity intimidade IT security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) LFPDPPP LinkedIn loi "Informatique et libertés" loi no. 78-17 du 6 janvier 1978 medidas de seguridad México notificación de brechas de seguridad notificación de vulneraciones de seguridad notification des violations de securité obligations en matière de sécurité PaaS personal data plan de continuidad de negocio Privacidade privacy privacy by design Proteção de Dados Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) responsable du traitement responsables de traitement de données RLFPDPPP SaaS Safe Harbor Framework Safe Harbor self-certification security breach security breaches security breach notification self-regulation sensitive information sensitive personal information sécurité des données technical and organizational measures technological protection measures Telcel TV Azteca Union européenne United Kingdom United States US Federal Trade Commission vie privée violaciones de seguridad violations de sécurité vulnerability vulneración de datos personales vulneración de seguridad
Blog Tweets (last 5)
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #biometric #privacy - Tweeted 2 days ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa #privacy - Tweeted 1 week ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa - Tweeted 2 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight - Tweeted 3 weeks ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #privacy #ransomware - Tweeted 1 month ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Authors' recent talks on information security & data protection issues
- Cédric Laurant: "Retention and Online Search: How Current Challenges for Privacy Become New Threats for Freedom of Expression" Conference on Internet Governance, Policy and Regulation – Internews, Annenberg School for Communication (Pennsylvania University) & USAID (Sarajevo, Bosnia-Herzegovina – 8-9 June 2012)
- Cédric Laurant: Presentation: "Ejercicios prácticos de la Ley Federal de Protección de Datos en Posesión de los Particulares en el ámbito de Internet y redes sociales en México" Seminario “Derecho de las Tecnologías de la Información y Comunicación”, Instituto de Investigaciones Jurídicas, UNAM (Mexico City, Mexico – 5 Oct. 2012)
- Cedric Laurant: Presentation: "An Update on Latin American Developments in Privacy and Consumer Protection Laws and Enforcement Mechanisms" The Public Voice Conference: “Privacy Rights are a Global Challenge” – Held in conjunction with the 34th International Conference of Data Protection & Privacy Commissioners (Punta del Este, Uruguay – Oct. 22, 2012)
- Cedric Laurant: Web conference on "Incident Response: Clean up on Aisle Nine" SecureWorld Expo – Online event on 29 Nov. 2012 at 13:00 (GMT-5; EST)
- Cédric Laurant: Presentación sobre los aspectos jurídicos del manejo de vulneraciones de datos de carácter personal según la LFPDPPP y su Reglamento. Una comparativa con el marco jurídico mexicano, EE.UU. y de la U.E. Congreso de Seguridad de la Información, Instituto Politécnico Nacional (IPN) – Escuela Superior de Ingeniería Mecánica y Eléctrica (ESIME) – Unidad Culhuacán (Mexico City, Mexico – 21-22 March 2013)
- Cédric Laurant: Presentation about the data protection aspects of mobile phone 3rd party apps in Mexico, the European Union & the United States INTUG (International Telecoms Users Group), Mobile Broadband & Roaming Conference (Mexico City, Mexico – Jan. 29, 2013)
- Cédric Laurant: Presentation: "Los aspectos jurídicos y de gobernanza de la información del manejo de vulneraciones de datos de carácter personal en el sector financiero según el marco legal mexicano y una comparación con el marco jurídico es 1st HSBC Information Security & Fraud Risk Conference – HSBC Headquarters (Mexico City, Mexico – 10-11 April 2013)
- Cédric Laurant: presentation: "Evita sanciones por fuga de datos personales de tu empresa" Tecnológico de Monterrey – Campus Edo de México (Atizapán de Zaragoza – Estado de México – 24 abril 2013)
- Cédric Laurant: Presentation: "The Latin American Privacy Revolution” Annual Retreat, Twin Cities Privacy Network (Minneapolis, Minnesota, United States – June 7, 2013)
- Armando Becerra: Presentation at the "Mesa Redonda: El estado de la industria de la Seguridad Informática en México" (14 Feb. 2013) BugCON 2013 (Mexico City, Mexico – Feb.14, 2013)
- Armando Becerra: Presentation: "Tráfico de bases de datos en el mercado negro digital" GuadalajaraCON 2013, Universidad de Guadalajara (Guadalajara, Mexico – April 19, 2013)
- Armando Becerra: Presentation: "Psicología de la Seguridad y Protección de Datos Personales" 1st HSBC Information Security & Fraud Risk Conference – HSBC-Mexico Headquarters (Mexico City, Mexico – April 10, 2013)
- Marie-Andrée Weiss: Presentation: "The Big Data IP Problem: Big Issues for "Big Data'" Live Webinar & Teleconference, American Bar Association (June 28, 2013)
- Cédric Laurant: Web conference presentation: "Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buzz in Europe? What U.S. Companies Should Know" SecureWorld Web Conference: “Incident Response: Clean Up on Aisle Nine” (29 Nov. 2012)
- Armando Becerra – Presentation: "Experiencias Telemáticas" UPIITA, IPN – Conference: “Telemático: Copa de nada con sabor a todo” (Mexico City, Mexico – 15 July 2013)
- Armando Becerra – Presentation: "Experiencias Telemáticas" UPIITA, IPN – Workshop: “Entrevistas exitosas y formas de presentar un CV” (Mexico City, Mexico – 15 July 2013)
- Armando Becerra – Presentation: "Mercados Negros Digitales" B:secure Conference: “La liga de la seguridad” (Mexico City, Mexico – 4 July 2013)
- Armando Becerra – Presentation: "Mercado Negro Digital" Campus Party México 2013 (México City, Mexico – 1 Aug. 2013)
- Cédric Laurant: Presentation about self-regulation and co-regulation in the Mexican data protection legal framework Expo Tecnología, “TICs y Seguridad”, World Trade Center (Mexico City, Mexico – April 8-10, 2014)

Authors' upcoming talks on information security & data protection issues
- Cédric Laurant: Presentation about "The Right to be Forgotten in Latin America: Legislation, Cases in Law and Trends" American Bar Association, Fall Meeting 2014 (Buenos Aires, Argentina – October 21-25, 2014)
- Cédric Laurant: Presentation about security and confidentiality "in the cloud" b:Secure Conference: “Seguridad y confidencialidad en la nube”. Crown Plaza Hotel (Mexico City, Mexico – November 6, 2014)
- Cédric Laurant: Presentation about “Seguridad de la información, vulneraciones de datos personales y la gestión de riesgos” IAPP-KnowledgeNet (Mexico City, Mexico – September 25, 2014)
Archives by date
- September 2014 (1)
- July 2014 (1)
- January 2014 (2)
- October 2013 (1)
- September 2013 (1)
- July 2013 (1)
- June 2013 (1)
- May 2013 (1)
- April 2013 (1)
- January 2013 (2)
- June 2012 (2)
- November 2011 (1)
- September 2011 (1)
- August 2011 (4)
- May 2011 (2)
- February 2011 (2)
- December 2010 (1)
- November 2010 (1)
- August 2010 (2)
- July 2010 (3)
- June 2010 (1)

Subscribe to this blog by e-mail

Enter your e-mail address here to follow this blog and receive notifications of new posts by e-mail.
Search for:
The “Global Information Security Breach Professionals” Group on Linkedin
Wordpress Blog Stats
- 46,474 hits

Information Security Breaches & The Law

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

The Sony PlayStation Network Hacking Case (An Analysis of the UK ICO’s Resolution)

Rate this:

Read this website in your language!

Call to Guest Bloggers / Appel à blogueurs / Llamada a blogueros / Chamada para blogueiros convidados

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Blog Tweets (last 5)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats