Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
Wanted: A new chief executive to assume command of Britain's growing National Cyber Security Center, part of GCHQ. As Ciaran Martin departs, the successful NCSC model he helped create is being widely emulated in many countries. But the U.S. remains a notable holdout.
Apple and Google have stopped distributing a popular messaging app marketed to English and Arabic speakers called ToTok. The New York Times has reported that U.S. intelligence agencies believe ToTok was developed by the United Arab Emirates government to spy on its citizens. The government bans rival offerings.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.
Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the...
The EU's General Data Protection Regulation rewrote the rules of the data privacy and breach notification game when it went into full effect last year. Now, however, numerous organizations are revisiting and refining their GDPR compliance efforts around preparation and remediation, says PwC's Polly Ralph.
Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.
New legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?
Twitter apologized on Tuesday for repurposing phone numbers provided by users for security features for use in targeted advertising, claiming the move was a mistake. Earlier, Facebook was reprimanded for a similar practice.
In today's shifting security and regulatory environment, ongoing third-party monitoring is crucial to compliance success. But how do you keep up with a constantly changing and growing list of vendors?
This session will outline the keys to third-party risk management success through a modern approach to monitoring...
Europe's top court has ruled that Google does not have to remove links to sensitive personal data globally under the EU's "right to be forgotten" requirements, saying the requirement only applies in Europe.
In an exclusive session, veteran CISO Thom Langford looks at what GDPR has influenced since its introduction, how this impacts security and privacy leaders across sectors, and where data protection regulation can go from here.
Langford is the founder of (TL)2 Security, a strategic Information security Consultancy. As...