The Home Depot Data Breach

© 2014 Colourbox

With up to 60 million customers affected, the recent security breach at North America’s largest hardware store, The Home Depot, once again proves that even some of the largest retailers have not implemented business processes that ensure the timely detection and communication, if not prevention, of such incidents. This post sheds a light on their dire consequences for consumers and what lawmakers in the U.S. and the E.U. intend to do about it.

Rate this:

Advertisements

The top 8 issues all CIO’s, CSO’s and CPO’s should know about how to notify data breaches in Europe

As the EU is about to enact a General Data Protection Regulation that will introduce a general obligation to notify personal data breaches for all companies doing business in Europe or directing it towards EU-based customers, we provide the reader with 8 of the most important aspects related to the implementation of this new obligation.

Rate this:

The Sony PlayStation Network Hacking Case (An Analysis of the UK ICO’s Resolution)

Sony Playstation. Photo by Armando Becerra (2013)

On January 14, 2013, the UK Information Commissioner’s Office imposed Sony PlayStation Network a monetary penalty of GBP 250,000 for its serious breach of the UK Data Protection Act – a penalty Sony eventually decided not to appeal in July. The penalty comes after the company was hacked in April 2011, compromising the personal information of millions of its customers. In this article, I highlight why the ICO made a brilliant move and interpretation of the Act.

Rate this:

Full Speed Ahead: Business-Minded I.T. Security Risk Management

"Wincup V8 Vodafone Holden Smashed.. Taken on December 4, 2010. (c) 2010 All rights reserved. Courtesy of Dhatt Creative.

Recent massive data breaches lead us to discuss the movement for new thinking, new strategies and new leadership amongst IT security. In the new paradigm, flat-out prevention is no longer the goal. Companies need to pursue nuanced risk-management decisions that protect yet allow them to do business.

Rate this:

The State of the State: U.K. Government Data Breaches

Government data breaches are very much a parochial problem in the U.K., causing indignation in widespread locales. In its recently published Annual Report for 2012/13, the Information Commissioner’s Office (ICO) states that data leaks by local authorities are a priority area for the data protection body. The ICO receives both individual complaints and declarations of self-reported data breaches from public and private entities.

Rate this:

How and Wow: Verizon’s Tactical Survey of Global Data Breaches

Designer: Thomas Saur. Available at http://wall.alphacoders.com/big.php?i=10203.

What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.

Rate this:

Towards a New Personal Data Breach Notification Framework in the EU

The European Commission published recently a Proposal for a Regulation on personal data protection. If adopted, it would repeal the 1995 Data Protection Directive. The Proposal includes a new data security framework: both the data controller and the data processor would have to implement appropriate technical and organizational measures in order to ensure that data is secure; a personal data breach would have to be reported within 24 hours to the supervisory authority, and also, without undue delay, to the data subject if the breach would adversely affect his personal data or privacy. We comment some of the pending issues.

Rate this:

Implementation of Privacy by Design and Technical and Organizational Security Measures: The Data Masking Solution

The European Union is working on a revised set of rules for its data protection framework. The concept and principles of “privacy by design” has been incorporated in this draft. We will assess how data masking can be considered an effective data security measure and whether data masking fulfills privacy by design principles. Data masking is not encryption. It is a technique that provides for the replacement of real data with fictitious but realistic data in test environments.

Rate this:

«Les droits de l’individu dans la révolution numérique» : l’Assemblée nationale française publie son rapport (5e et dernière partie)

"Future" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

Depuis le début de cette série, la loi française en matière de notification des failles de sécurité a déjà changé. D’autres changements sont à venir, alors que Madame Viviane Reding expose son intention d’introduire une notification obligatoire des failles de sécurité pour les services bancaires et financiers et que la Commission européenne a lancé le 14 juillet dernier une consultation sur les règles pratiques de notification des violations de données à caractère personnel. (5e et dernière partie de notre série)

Rate this:

«Les droits de l’individu dans la révolution numérique» : l’Assemblée nationale française publie son rapport (4e partie)

"Arc-en-ciel" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

Le rapport de l’Assemblée Nationale s’interroge également sur les garanties pour la confidentialité des données personnelles dans le ‘nuage’ et détaille les procédures légales d’exportation de ces données. (4e partie de notre série)

Rate this:

  • Blog authors

  • Copyright notice

    © Copyright 2010-2014 "Information Security Breaches & The Law".
    All rights reserved, unless noted otherwise under each author's post, page or other material.
    If you would like to discuss licensing terms, contact us at: info [at] security-breaches [dot] com.

  • Enter your e-mail address here to follow this blog and receive notifications of new posts by e-mail.

  • The “Global Information Security Breach Professionals” Group on Linkedin

  • Wordpress Blog Stats

    • 43,337 hits