2016, Examples and Exercises - Information Management Today

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

DLA Piper Privacy Matters

JANUARY 15, 2021

In late 2019, the Claimant issued proceedings and sought various relief, including in connection with an allegation that the Defendant had failed to provide data, contrary to the Data Protection Act 2018 ( “DPA 18” ) and the General Data Protection Regulation (EU) 2016/679 ( “GDPR” ).

Access

Access GDPR Personal data Retail

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

A joint research conducted by Mandiant with a collective of media outlets (including Papertrail Media, Der Spiegel, Le Monde, and Washington Post) focused on documents, dated between 2016 and 2020, belonging to NTC Vulkan (Russian: НТЦ Вулкан). ” reads the report published by Mandiant. . ” continues Mandiant.

Energy and Utilities

Energy and Utilities Education Ransomware IT

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11. 2016/679 (EU, April 27). 2016/679, Art. 2016/679 (EU, April 27). 2016/679, Art. resumes, personnel files, video/call recordings). 2 DLA Piper. 2000. . § 2 DLA Piper.

Personal data

Personal data GDPR Privacy Records Management

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

Data Matters

SEPTEMBER 30, 2020

safeguards are stronger than those available in Europe comports with and updates the conclusions previously documented in “Essentially Equivalent: A Comparison of the Legal Orders for Privacy and Data Protection in the European Union and the United States” issued by Sidley Austin LLP in 2016, and available at [link].).

Paper

Paper Government Security Privacy

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

DLA Piper Privacy Matters

MAY 23, 2022

The Guidelines follow the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. For example, the Guidelines state that for undertakings with an annual turnover of ? €2m,

GDPR

GDPR Personal data Risk IT

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

CyberGRX launched in 2016 as a clearinghouse for companies to pool and share standardized assessment data and actually analyze the results for action. So much time and energy was put into the administrative exercise of just requesting data and responding to questionnaires,” Kneip says. “By Visibility boost.

Risk

Risk Insurance Access Security

In praise of. the Investigatory Powers Act 2016

Data Protector

AUGUST 17, 2020

I see the IPA as an outstanding example that Governments of all countries should adopt to ensure that public authorities act transparently and put effective mechanisms in place to ensure that human rights are appropriately respected. Where opinion formers had concerns, these issues should be addressed.

Communications

Communications Government Personal data Compliance

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

The Company was found guilty of infringing the following provisions of Regulation EU 2016/679 (“ GDPR ”): Information provided to the riders pursuant to Article 13 of the GDPR. For example, geolocation data was used to exclude some riders from work opportunities. What infringements did the Garante identify? Retention period.

Personal data

Personal data GDPR e-Delivery Communications

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

JULY 26, 2019

Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive. The European Data Protection Board (the “EDPB”) recently adopted its Guidelines 3/2019 on processing of personal data through video devices (the “Guidelines”).

GDPR

GDPR Personal data Privacy Compliance

4 ways ISO 27001 can enhance your business

IT Governance

NOVEMBER 16, 2017

In the UK, the number of organisations certified to the Standard increased by 20% in 2016 , bringing the total to more than 33,000. The negative effects of security incidents can be seen to some extent in almost all breaches, but for an extreme example, see the aftermath of the 2015 TalkTalk breach.

Information Security

Information Security Sales Personal data Risk

Insights about the first five years of Right to be Forgotten requests at Google

Elie

DECEMBER 12, 2019

So in January 2016, as a preparation to providing better statistical analysis, our RTBF reviewers started manually annotating each requested URL with additional data, including the site category, the type of page content, and the requesting entity. Different countries, different usages.

Privacy

Privacy Paper Government GDPR

Insights about the first three years of the Right To Be Forgotten requests at Google

Elie

FEBRUARY 26, 2018

So in January 2016, our RTBF reviewers started manually annotating each requested URL with additional category data, including category of site, type of content on page, and requesting entity. The way the RTBF is exercised through Europe varies by country. For example peoplecheck.de Different countries, different usages.

Privacy

Privacy Government Paper Access

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Fri, 05/27/2016 - 07:25. For example, car insurance could be varied between theft and fully comprehensive when the Car is not being used. Behavioural based health and wellness - For life insurance, the level of exercise completed could influence the premiums offered. Time and tide waits for no man – IoT in Insurance.

Insurance

Insurance IoT Marketing Manufacturing

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

DLA Piper Privacy Matters

JULY 1, 2019

It was introduced in 2016 following the downfall of a predecessor scheme known as ‘Safe Harbor’. In exceptional circumstances and for the sake of legal certainty, the CJEU may decide to limit the effects of any judgement to the future although this discretion is rarely exercised by the court and notably wasn’t used in the Schrems 1.0

Privacy

Privacy Personal data GDPR Risk

Predictions 2016: Apple, Tesla, Google, Medium, Adtech, Microsoft, IoT, and Business on a Mission

John Battelle's Searchblog

JANUARY 3, 2016

The post Predictions 2016: Apple, Tesla, Google, Medium, Adtech, Microsoft, IoT, and Business on a Mission appeared first on John Battelle's Search Blog. it was really you who’ve encouraged me to have at it again for 2016. 2016 will be the year that “business on a mission” goes mainstream.

IoT

IoT Blockchain Marketing IT

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

DLA Piper Privacy Matters

APRIL 2, 2019

Consequently, PUODO explained that the failure to comply with the information obligation led to the company’s privileged position in exercising its rights in relation to the rights of data subjects and constituted an important element of the company’s business. . 14 5(b) of the GDPR.

GDPR

GDPR Personal data IT Paper

GERMANY: Federal Court summary judgment: FCO achieves stage victory against Facebook

DLA Piper Privacy Matters

JUNE 25, 2020

or external services, for example by using “like” or “share buttons” on third-party websites. In March 2016, the FCO initiated proceedings against Facebook for abuse of a dominant market position and concluded these proceedings with a so-called cease and desist order on 06 February 2019.

Marketing

Marketing Personal data GDPR Analytics

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

As explained in our newswire article on data protection , Turkey’s long-awaited Data Protection Law was enacted on April 7, 2016 and was later followed by the Regulation on the Processing and Protecting the Privacy of Personal Health Data on October 20, 2016. Due care must be exercised to ensure the data removed is not recoverable.

Personal data

Personal data Paper Encryption Cloud

U.S. CLOUD Act and International Privacy

Data Protection Report

AUGUST 1, 2019

The executive agreements are intended to work in both directions so that, for example, the Australian government could require production of data stored in the U.S. Processing of the personal data is “necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

Cloud

Cloud Privacy e-Discovery Personal data

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

There's a smart IoT enabled toothbrush for example, I mean, a toothbrush is a stick with bristles. Vamosi: The book Practical IoT Hacking is full of useful examples. Vamosi: For example, let's say you're a large retail organization with a number of physical locations. And then there's this other example. At the same time.

IoT

IoT Communications Security IT

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

There's a smart IoT enabled toothbrush for example, I mean, a toothbrush is a stick with bristles. Vamosi: The book Practical IoT Hacking is full of useful examples. Vamosi: For example, let's say you're a large retail organization with a number of physical locations. And then there's this other example. At the same time.

IoT

IoT Communications Security IT

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

To pick just two recent examples of the latter, the EU’s General Data Protection Regulation1 (GDPR) and the California Consumer Privacy Act2 (CCPA) both impose sweeping requirements on businesses with the aim of increasing consumers’ privacy and control over how their personal data is used. For example, in John B.

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

Architect Security

SEPTEMBER 24, 2020

We’ve seen examples here in the D.C. They matched his DNA from their database to DNA extracted from a cigarette butt he left at the scene of the protest in 2016. And there are only very rare examples of people successfully petitioning to get out of them. Now That You’re in the System, How Do You Get Out?

Data collection

Data collection Paper Metadata Access

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

Hong Kong’s past reforms to the PDPO have been “event driven”, the best example being the Octopus Rewards case in 2010, which led to extensive reforms to Hong Kong’s direct marketing controls. The earliest known date at which personal data was actually compromised was 7 September, 2016.

Personal data

Personal data Data breaches Security Compliance

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

ForAllSecure

SEPTEMBER 1, 2020

In 2016, DARPA turned to hacking and sponsored a CTF challenge, the Cyber Grand Challenge, to see whether machines could successfully find and patch software vulnerabilities. Tyler: So for example, you know the network traffic that we got. Vamosi: So what, if anything, did we learn from this exercise? Request Demo Learn More.

IT

IT Security Information Security Cybersecurity

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

ForAllSecure

AUGUST 31, 2020

In 2016, DARPA turned to hacking and sponsored a CTF challenge, the Cyber Grand Challenge, to see whether machines could successfully find and patch software vulnerabilities. Tyler: So for example, you know the network traffic that we got. Vamosi: So what, if anything, did we learn from this exercise?

IT

IT Security Information Security Cybersecurity

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

ForAllSecure

AUGUST 31, 2020

In 2016, DARPA turned to hacking and sponsored a CTF challenge, the Cyber Grand Challenge, to see whether machines could successfully find and patch software vulnerabilities. Tyler: So for example, you know the network traffic that we got. Vamosi: So what, if anything, did we learn from this exercise?

IT

IT Security Information Security Cybersecurity

11th Circuit Vacates LabMD Enforcement Order; Casts Doubt on Decades of FTC Cybersecurity Enforcement Practices

Data Matters

JUNE 12, 2018

In recent years, the Federal Trade Commission has increasingly exercised its enforcement authority to target deceptive and unfair information security practices. See Lab MD, Inc. FTC , 678 Fed. 816 (11th Cir. The Eleventh Circuit’s Decision. Scope of FTC’s Section 5 Unfairness Authority.

Cybersecurity

Cybersecurity Information Security Security IT

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

Now, a new Internet of Things (IoT) botnet, called IoT Reaper, or IoTroop, has been discovered by researchers and could present a threat that could dwarf the 2016 attacks and create a major disruption to internet activity around the world. Negotiating/Reviewing Contractual Liability. Further Investigation.

IoT

IoT Communications Risk Passwords

EU: What’s left of the GDPR’s one-stop-shop? CJEU clarifies the competences of non-lead data protection authorities

DLA Piper Privacy Matters

JULY 5, 2021

When the GDPR was adopted back in 2016, its new cooperation and consistency mechanism, coined as the one-stop-shop, was marketed as one of the major advancements that the GDPR would bring to organisations. However, to exercise this general competence, a DPA must be competent “with respect to a particular instance of data processing.”

GDPR

GDPR IT Compliance Marketing

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. We recognise the visible and consumer-facing aspects of it in our everyday lives.

Data Privacy

Data Privacy Privacy GDPR IT

Encouraging students to improve their IL skills

CILIP

OCTOBER 10, 2018

has been a challenge that has exercised the minds of academics ranging from skilled lexicographers to scholars in information science. 2 When we talk, for example, of a ? 2 When we talk, for example, of a ?model? pupil, we are likely to be referring to a learner who serves as a fine example to others. For example, give ?students

Education

Education Libraries Paper IT

Singapore proposes changes to cybersecurity and data protection regimes

Data Protection Report

SEPTEMBER 25, 2017

participate in exercises. For example, the Assistant Cyber Commissioner for financial institutions would likely be an officer from the Monetary Authority of Singapore (MAS). Consent is not required in limited circumstances, for example, where consent is deemed, or where it is necessary for any investigation or proceedings.

Cybersecurity

Cybersecurity Data breaches Personal data Compliance

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Data Matters

SEPTEMBER 20, 2018

Examples of such firms include certain lenders and mortgage servicers, premium finance companies, money transmitters and virtual currency businesses. Prior OCC Publications. Office of the Comptroller of the Currency , No. 18-cv-08377 (S.D.N.Y. 14, 2018). 4 Available at [link]. 5 Available at [link]. 7 Vullo v. 14, 2018). 7 Vullo v.

Financial Services

Financial Services Paper Marketing Privacy

Have I Been Pwned Domain Searches: The Big 5 Announcements!

Troy Hunt

JUNE 15, 2023

It was an all or nothing affair that nuked the lot of them whereas now, it's a domain-by-domain exercise. Let me illustrate by example: in January this year, I loaded a rather large breach into HIBP: New scraped data: Twitter had over 200M accounts scraped from a vulnerable API in 2021. 98% were already in @haveibeenpwned.

IT

IT Cloud Mining Metadata

LIVE STREAMING SECURITY GAMES

ForAllSecure

MAY 24, 2016

Just about every employee in our company has been involved in Capture the Flag exercises for the past several years, and we have been hosting these online events for our customers for about 3 years now. For example, the i7 5930K we chose supports 40 PCI-express lanes, compared to just 16 on the i7 6700K. 5/24/2016, 5:47:15 PM.

Security

Security IT Communications

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

DLA Piper Privacy Matters

JUNE 13, 2018

4] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, OJ 2016 L 119, p. 5] [link]. [6] 5] [link]. [6]

Personal data

Personal data GDPR Privacy Risk

FRANCE : THE CNIL ADOPTS REVISED GUIDELINES AND FINAL RECOMMENDATIONS ON COOKIES AND OTHER TRACKERS

DLA Piper Privacy Matters

OCTOBER 6, 2020

To that end, the CNIL provides practical examples and good practices in the Recommendations, from the use of a “reject all” button to the availability of a visible “cookies” icon enabling users to parameter their choices and withdraw their consent. A more detailed list of cookies and trackers exempt from consent.

GDPR

GDPR Communications Access Data collection

New To Autonomous Security? The Components, The Reality, And What You Can Do Today

ForAllSecure

AUGUST 27, 2019

This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA (the Defense Advanced Research Projects Agency), and new industry tools. Examples include industry RASP products. Proving security is an academic exercise. Autonomy is just another word for automating decisions.

Security

Security Cybersecurity Libraries IT

I'm Open Sourcing the Have I Been Pwned Code Base

Troy Hunt

AUGUST 7, 2020

Visual Studio Code, for example, is open source. For example, people have often questioned whether I'm logging searches in order to build up a new list of email addresses. That exercise alone requires help and for a while now, I've been talking to some of the smartest people I know in this space.

Passwords

Passwords IT Privacy Libraries

New To Autonomous Security? The Components, The Reality, And What You Can Do Today

ForAllSecure

AUGUST 27, 2019

This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA (the Defense Advanced Research Projects Agency), and new industry tools. Examples include industry RASP products. Proving security is an academic exercise. Autonomy is just another word for automating decisions.

Security

Security Cybersecurity Libraries IT

NEW TO AUTONOMOUS SECURITY? THE COMPONENTS, THE REALITY, AND WHAT YOU CAN DO TODAY.

ForAllSecure

AUGUST 27, 2019

This has been proven in in-depth scientific work in top-tier research venues, a 2016 public demonstration by DARPA (the Defense Advanced Research Projects Agency), and new industry tools. Examples include industry RASP products. Proving security is an academic exercise. Autonomy is just another word for automating decisions.

Security

Security Cybersecurity Libraries IT

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

FEBRUARY 19, 2021

To date, 12 countries have been deemed ‘adequate’ by the EC (including, for example, Argentina, Canada (commercial organisations), Israel, Switzerland, and most recently, Japan). Standard Contractual Clauses) or a derogation under the GDPR can be relied on (e.g., consent of the data subject). What are the next steps?

GDPR

GDPR Personal data Privacy Access

Five Key Considerations Regarding New U.S. Sanctions to Address Ransomware Threats

Data Matters

SEPTEMBER 24, 2021

Since December 2016 , OFAC has designated malicious cyber actors, including perpetrators of ransomware attacks. For example, it recommends that companies adopt meaningful cyber-risk-mitigation practices such as those found in the U.S.

Ransomware

Ransomware Cybersecurity Blockchain Compliance

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Webinars

Trending Sources

The Impact of Data Protection Laws on Your Records Retention Schedule

Webinars

U.S. Government White Paper to Help Companies Address the EU’s National Security Concerns in Schrems II

Europe: EDPB Guidelines on calculation of fines under GDPR – a case of evolution, not revolution?

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

In praise of. the Investigatory Powers Act 2016

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

EDPB Adopts Guidelines on Data Processing Through Video Devices

4 ways ISO 27001 can enhance your business

Insights about the first five years of Right to be Forgotten requests at Google

Insights about the first three years of the Right To Be Forgotten requests at Google

Time and tide waits for no man – IoT in Insurance

SCHREMS 2.0 – the demise of Standard Contractual Clauses and Privacy Shield?

Predictions 2016: Apple, Tesla, Google, Medium, Adtech, Microsoft, IoT, and Business on a Mission

Polish DPA issues the first fine for a violation of the GDPR – and it’s harsh

GERMANY: Federal Court summary judgment: FCO achieves stage victory against Facebook

Data Protection Regime in Turkey Takes Shape

U.S. CLOUD Act and International Privacy

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

The Burden of Privacy In Discovery

If I Go to a Protest, What Kinds of Personal Information Might Police Collect About Me? (important guest post)

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

11th Circuit Vacates LabMD Enforcement Order; Casts Doubt on Decades of FTC Cybersecurity Enforcement Practices

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

EU: What’s left of the GDPR’s one-stop-shop? CJEU clarifies the competences of non-lead data protection authorities

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

Encouraging students to improve their IL skills

Singapore proposes changes to cybersecurity and data protection regimes

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Have I Been Pwned Domain Searches: The Big 5 Announcements!

LIVE STREAMING SECURITY GAMES

EUROPE: ECJ and responsibility for personal data processing on Facebook fan pages

FRANCE : THE CNIL ADOPTS REVISED GUIDELINES AND FINAL RECOMMENDATIONS ON COOKIES AND OTHER TRACKERS

New To Autonomous Security? The Components, The Reality, And What You Can Do Today

I'm Open Sourcing the Have I Been Pwned Code Base

New To Autonomous Security? The Components, The Reality, And What You Can Do Today

NEW TO AUTONOMOUS SECURITY? THE COMPONENTS, THE REALITY, AND WHAT YOU CAN DO TODAY.

European Commission Publishes Draft UK Adequacy Decisions

Five Key Considerations Regarding New U.S. Sanctions to Address Ransomware Threats

Stay Connected