
Fixing Data Breaches Part 5: Penalties

Troy Hunt

In the first 4 parts of "Fixing Data Breaches", I highlighted education, data ownership and minimisation, the ease of disclosure and bug bounties as ways of addressing the problem. This part of the series is also the hardest to implement. Changing the ROI of Security via Stiffer Penalties.


2022 Cyber Security Review of the Year

IT Governance

Cyber criminals continued to wreak havoc, with the likes of Twitter, Uber and Neopets all reporting mammoth data breaches. In total, we have so far reported more than 1,000 data breaches in 2022, with almost half a billion breached records. million) fine for twelve breaches of the GDPR.


EDPB publishes guidance on calculating GDPR fines

Data Protection Report

Confusingly, they also state that they do not preclude a supervisory authority from using predetermined fixed amount fines for certain infractions (which would be at odds with this approach). For example, a data controller collects data without proper legal basis and when it is later hacked, it fails to notify the supervisory authority.


Weekly podcast: 2018 end-of-year roundup

IT Governance

Also in January, the ICO (Information Commissioner’s Office) fined Carphone Warehouse £400,000 – one of the largest fines it issued under the DPA (Data Protection Act) 1998 – for multiple security inadequacies that led to a 2015 data breach in which three million customers’ personal data was compromised.


The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

California law also requires businesses that suffer a breach of security to disclose the breach to consumers, and in some instances law enforcement, if sensitive information is compromised. Because the CCPA was passed in one day, it was for the most part poorly written. CCPA Background.


Weekly podcast: Google+, Supermicro and Heathrow

IT Governance

As many as 438 third-party apps were potentially able to access the data of up to 500,000 Google+ account holders without their permission because of a vulnerability in one of its APIs. Google discovered and fixed the flaw in March 2018 as part of an audit it called Project Strobe, but opted not to disclose it at the time.
