dataprotection   1307

« earlier    

ICO crack down on Met Police Gangs Matrix
The ICO found that the data sharing was occurring informally between the MPS and the third parties. The data was often saved locally by individuals within the MPS and also by the third parties who received the personal data. This made it more difficult for the organisations to maintain control over who was accessing the data. Further, the MPS had failed to secure information sharing agreements with the third parties, which the ICO said was a basic necessity when sharing personal data between organisations.

The ICO was concerned about the large amounts of personal data being shared and the accuracy of that data. Crucially, the MPS had failed to carry out either a data protection or privacy impact assessment in relation to the Gangs Matrix. Although such impact assessments were not mandated under DPA98 (which they are now under the GDPR), they have for some time been recommended by the ICO as best practice for identifying and minimising the privacy risks of projects or policies. The ICO was particularly concerned that victims of gang-related violence were included in the Gangs Matrix without a distinction being made between them and the perpetrators of crime. The majority (64%) of the individuals in the Gangs Matrix were rated as green (low risk). In light of this, the ICO considered that the data processing by the MPS was excessive and lacking in differentiation.
datasharing  ICO  example  police  dataprotection  DPIA  enforcementnotice  regulation 
4 days ago by corrickwales
Hackers breach and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes. In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.
security  dataprotection 
6 days ago by terry
Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years
Few hacks of individual firm's customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees' breached by hackers.
security  dataprotection 
6 days ago by terry
Marriott International becomes the hackers’ latest victim
DATA BREACHES have become so common that even biggish ones no longer make the news. But on November 30th Marriott International, a big American hotel chain, announced a real whopper. Half a billion records from a database owned by Starwood, one of the firm’s subsidiaries, had been accessed by hackers.
data  dataprotection 
9 days ago by terry
LinkedIn processed 18 million email addresses of non-users for targeted advertising
Social media network LinkedIn processed the email addresses of 18 million non-members and targeted them with advertising on Facebook without permission, an audit by the Data Protection Commissioner has found.
linkedin  ireland  gdpr  dataprotection  commissioner  emailaddress  targetedads  facebook  consent  permission  indie  radar 
16 days ago by laurakalbag
Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions | HL Chronicle of Data Protection
Assuming that the withdrawal agreement is passed (which is a big assumption – see conclusion eight below), then the transition period is initially expected to run from 29 March 2019 until 31 December 2020. During this time the GDPR, along with all other EU data protection laws, will continue in effect within the UK. This means a ratified withdrawal agreement should guarantee that the status quo is maintained for at least the next two years.
law  brexit  GDPR  dataprotection  EU  government 
16 days ago by corrickwales
Exploring good common principles for a digital identity system – By @odihq
As we become ever more reliant on online services, questions around our digital identities become more pertinent – here we explore what identity means in a digital age, and how we could develop an ethical and accessible framework for a digital identity system
identity  dataprotection  privacy  research 
18 days ago by corrickwales
France is ditching Google to reclaim its online independence
“We have to set the example,” said Florian Bachelier, one of MPs chairing the Assembly’s cybersecurity and digital sovereignty task-force, which was launched in April 2018 to help protect French companies and state agencies from cyberattacks and from the growing dependency on foreign companies. “Security and digital sovereignty are at stake here, which is anything but an issue only for geeks,” Bachelier added. [...]

In France, this all started with the Edward Snowden. In 2013, when the American whistleblower revealed that the NSA was spying on foreign leaders and had important capability to access data stocked on private companies’ clouds, it was a wake up call for French politicians. A senate report that same year fretted that France and the European Union were becoming “digital colonies”, a term that since then has been used by French government officials and analysts to alert about the threat posed by the US and China, on issues of economic, political and technological sovereignty. Recent scandals, including the Cambridge Analytica-Facebook imbroglio, further shook French politicians and public opinion.
france  google  privacy  dataprotection 
20 days ago by terry
Inside DeepMind as the lines with Google blur
Last week, the line between the companies blurred significantly when DeepMind announced that it would transfer control of its health unit to a new Google Health division in California. [...]

In March 2017, DeepMind also announced it would build a “data audit” system, as part of its public commitment to transparency. The technology would allow NHS partners to track its use of patient data in real time, with no possibility of falsification, DeepMind said. Google did not comment on whether it will finish the project.
google  ai  dataprotection 
20 days ago by terry
Facebook investors call on Mark Zuckerberg to resign as chairman following damaging report 
Facebook investors have called on the company’s chief executive Mark Zuckerberg to step down as chairman, following reports that the company hired a public relations firm to smear its critics by drawing links to George Soros.
facebook  business  dataprotection  privacy  governance 
20 days ago by corrickwales
Google: Our DeepMind health slurp is completely kosher
DeepMind told The Reg: “It is false to say that Google is “absorbing” data. This data is not DeepMind’s or Google’s – it belongs to our partners, whether the NHS or internationally. We process it according to their instructions.”

That claim, echoed by DeepMind Health chief Dominic King, brought a swift correction from legal experts.

“It doesn’t belong to DeepMind’s partners, it belongs to the individuals,” Serena Tierney partner at lawyers VWV. “Those ‘partners’ may have limited rights, but it doesn’t belong to them.”
google  dataprotection  gdpr 
23 days ago by terry

« earlier    

related tags

advertising  ai  analysis  analytics  aol  apis  apple  apps  auditing  balancingtest  banking  banks  banksarron  blockchain  book  brazil  breach  brexit  business  cambridgeanalytica  cambridgeuniversity  campaigning  cars  children  cnil  commissioner  consent  conservatives  cookies  corporateresponsibility  cybercrime  cybersecurity  data  databreach  databroker  datafund  dataportability  dataprivacy  datasharing  datatransfer  democracy  design  dev  dixons  dpcertcourse  dpia  dynamic  edps  eldoninsurance  email  emailaddress  enforcement  enforcementnotice  eprivacy  ethics  eu  eudatap  euinstitutions  europe  europeanunion  example  experian  facebook  fax  fine  fines  france  fraud  gdpr  gm  gmail  google  governance  government  guidance  guide  hacking  health  ico  identity  idpc  indie  innovation  intel  interactive  international  internet  ireland  kpmgcyberfi  labourparty  law  lawenforcement  legalaction  legalcase  legislation  linkedin  location  locationdata  marketing  mastercard  methodology  microsoft  misuse  morrisons  nationalarchive  nationalwebarchives  online  permission  personaldata  phones  police  policing  policy  politics  privacy  privacybydesign  products  proportionality  proposal  radar  radio  regions  regulation  report  research  responsibledisclosure  russia  science  security  siliconvalley  socialmedia  software  spain  spoofing  strategy  surveillance  targetedads  tech  technology  telegram  timcook  tools  transparency  trump  twitter  uk  us  vpn  vulnerability  web  webarchiving  website  whatsapp  windows10  yahoo 

Copy this bookmark: