Examples and Personal data - Information Management Today

EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements

Hunton Privacy

NOVEMBER 20, 2023

Article 5(3) provides that: “[…]the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information.”

Personal data

Personal data IoT Access Communications

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

On July 5, 2021, the Italian supervisory authority (“ Garante ”) published an injunction against a company operating a food delivery app (“ Company ”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders. Retention period. The need for a DPIA.

Personal data

Personal data GDPR e-Delivery Communications

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

Phishers also use to share stolen personal data with their subscribers. User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. Data includes verified online banking credentials, in some cases phishers also provides info on the account balances.

Phishing

Phishing Sales Archiving Personal data

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Privacy and Cybersecurity Law

JUNE 29, 2020

This must be addressed with procurement contract terms restricting the use of the personal data. Smart cities digital solutions often collect data without consent. Otherwise, the collection must be optional, for example through an app. Risk # 3: Excessive collection of personal data. Share on Facebook.

Privacy

Privacy Personal data Data collection Risk

Brits Express Greater Concern Over Data Privacy as Cyber Attacks Soar

IT Governance

MARCH 24, 2022

That figure might not come as a surprise, given the growing awareness of data privacy. There are regular news stories of data breaches, while the GDPR (General Data Protection Regulation) has changed the way organisations handle personal data. Yet, what is a surprise is what we are doing to address these concerns.

Data Privacy

Data Privacy Privacy Data breaches GDPR

The impact of Schrems II on Canada: No more onward transfer on the basis of the EU-US Privacy Shield

Privacy and Cybersecurity Law

JULY 17, 2020

The decision recognizes the validity of Standard Contractual Clauses (SCCs) to transfer personal data outside of the European Union (EU), but invalidates the transfer of personal data from the EU to the US under the EU-US Privacy Shield. Under adequacy, the cross-border transfer of personal data is generally authorized.

Privacy

Privacy Personal data Compliance IT

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

HL Chronicle of Data Protection

MARCH 5, 2020

It refers to all data subjects that may be targeted by direct marketing such as clients, members, prospects, subscribers, or even voters. Attracting new clients, subscribers, or members. Necessity for Data Minimisation. Fulfilment of Transparency Obligations and making sure that Data Subjects can exercise their rights.

Marketing

Marketing GDPR Personal data Healthcare

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

Privacy and Cybersecurity Law

JUNE 29, 2020

This must be addressed with procurement contract terms restricting the use of the personal data. . Smart cities digital solutions often collect data without consent. Otherwise, the collection must be optional, for example through an app. Risk # 3: Excessive collection of personal data. Share on Facebook.

Privacy

Privacy Personal data Data collection Risk

More on Schrems II: No grace period for cross-border data flows – So moving on to next steps

Privacy and Cybersecurity Law

AUGUST 5, 2020

When the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield as a vehicle to transfer personal data from the EU to the US, last July 16, 2020, the obvious question was: “What is the transition period?” The answer is now coming from EU Data Protection Authorities in Europe: there is none.

Personal data

Personal data Privacy GDPR Compliance

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Security Affairs

APRIL 8, 2021

The four leaked files contain information about the users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more. An example of leaked data: What’s the impact of the leak? SecurityAffairs – hacking, data scraping). Next steps.

Passwords

Passwords Phishing Personal data Libraries

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

Data Matters

JULY 16, 2020

relates to the alleged tracking of personal data by Google of 4.4 million iPhone users and subsequent selling of the users’ data to advertisers, without the users’ knowledge and consent. The class action brought against Google by Richard Lloyd, the former editor of consumer protection rights group “Which?”, to the U.S.

Personal data

Personal data GDPR Privacy Data Privacy

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

JANUARY 29, 2024

Stashes of breaches like this are all over the place and they fuel an exchange ecosystem that replicates billions of records of personal data over and over again. Websites like these are taken down for a simple reason: The ecosystem of personal stashes exchanged with other parties fuels crime.

Data breaches

Data breaches Passwords Personal data Access

There is a Serious Lack of Corporate Responsibility During Breach Disclosures

Troy Hunt

MARCH 19, 2020

The data consists of an extensive number of records containing personal information. I wanted to send you what’s been sent to me a give you the opportunity to respond before I notify my subscribers impacted in the incident. They were an HIBP subscriber monitoring their domain! Yet somehow, it frequently goes ignored.

Data breaches

Data breaches Sales Personal data IT

HMRC forced to delete 5 million voice records after GDPR gaffe

IT Governance

MAY 9, 2019

According to the ICO , HRMC’s failing was that it didn’t obtain explicit consent to record individuals’ voices (a form of biometric data, which the GDPR considers a special category of personal data ). However, organisations that process personal data should be aware that consent isn’t always the best lawful basis to rely on.

GDPR

GDPR Personal data Education Passwords

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs

MARCH 3, 2021

Redacted example of client details. Redacted example of metadata information. Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails. For examples of theft, do not let them into your home on first request.

Data breaches

Data breaches Metadata Phishing B2B

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

FEBRUARY 4, 2024

There's also no way to see if there are other active sessions, for example the way Twitter shows them : Further, changing the password doesn't invalidate existing sessions so as best as I can tell, if someone has successfully accessed someone else's Spoutible account there's no way to know and no way to boot them out again.

Personal data

Personal data Passwords Data breaches IT

UK: ICO PUBLISHES SIGNIFICANT NEW GUIDANCE ON COOKIES AND SIMILAR TECHNOLOGIES

DLA Piper Privacy Matters

JULY 4, 2019

Firstly, important concepts in e-privacy law – such as consent and transparency – must be interpreted in accordance with data protection law. Secondly, the use of cookies will in many cases involve the processing of personal data, which then implicates the GDPR. What are the key takeways?

GDPR

GDPR Personal data Privacy Communications

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

Hunton Privacy

MARCH 19, 2019

The Belgian Data Protection Authority (“DPA”) requested the Opinion, highlighting questions on the competence, tasks and powers of EU DPAs and the applicability of the GDPR’s cooperation and consistency mechanisms in those situations where both the GDPR and the ePrivacy Directive apply to the processing of personal data.

GDPR

GDPR Personal data Communications Government

Catches of the Month: Phishing Scams for July 2022

IT Governance

JULY 5, 2022

Welcome to our July 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. OpenSea has since warned that the information could be used to launch phishing attacks. Get started.

Phishing

Phishing e-Delivery Retail Insurance

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. — Troy Hunt (@troyhunt) November 15, 2016 Time and time again since that poll, a pulse check of subscriber sentiment has returned similar results.

Data breaches

Data breaches e-Delivery Cloud Information Security

Catches of the Month: Phishing Scams for April 2023

IT Governance

APRIL 11, 2023

Welcome to our April 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. Users can monetise their YouTube channel if they create original content, have 1,000 subscribers and 4,000 watch hours.

Phishing

Phishing Passwords Ransomware Insurance

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

On October 28, 2017, the Turkish Data Protection Authority (the “ Authority ”) published an important regulation supplementing the Law on Protection of Personal Data (the “ Data Protection Law ”), namely the Regulation on the Deletion, Destruction and Anonymization of Personal Data (the “ Regulation ”).

Personal data

Personal data Paper Encryption Cloud

When It Comes to a Data Breach, How Do You Want to Be Notified?

Thales Cloud Protection & Licensing

AUGUST 7, 2018

I decided to take that advice and put myself in the shoes of a customer and came up with a list of activities I’d like to see happen in the event that my person data was compromised in a breach. Visit this page to subscribe to our newsletter to receive the latest data security research, insights from our blogs and other resources.

Data breaches

Data breaches Retail IT Communications

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

In part 2 of the series, I want to talk about data ownership and minimisation and this is all about reducing the impact on individuals and organisations alike when things do go wrong. Who Owns Our Personal Data? The owner can request the organisation provide them with a copy of their data ("right of access").

Data breaches

Data breaches Personal data GDPR Data collection

Key lessons from the first major GDPR fines for cyber breaches

Privacy and Cybersecurity Law

JANUARY 18, 2021

These first fines are likely to form the ICO’s “baseline” for cybersecurity and other personal data breach enforcement over the years to come. Subscribe and stay updated. Litigation is likely in these situations and regulatory findings in MPNs may provide ammunition to claimants. The BA MPN is available here. Share on Facebook.

GDPR

GDPR Cybersecurity Data breaches Risk

In a Few Days, Credit Freezes Will Be Fee-Free

Krebs on Security

SEPTEMBER 10, 2018

Via numerous front-end Web sites, each of these mini credit bureaus serve thousands or tens of thousands of people who work in the above mentioned industries and who have the ability to pull credit and other personal data on Americans. In other cases, it’s trivial for anyone to sign up for these services.

Access

Access Military Retail Security

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

process and use personal data. For example, end users must be able to easily (i) change any preinstalled and default settings, (ii) switch between and subscribe to different services, and (iii) access and port their data. Among others, the obligations and prohibitions limit gatekeepers’ ability to.

Marketing

Marketing Computer and Electronics Communications GDPR

UK ICO Publishes Social Networking and Online Forums Guidance

Hunton Privacy

JUNE 14, 2013

Under Section 36 of the DPA, individuals who process personal data for their personal, family or household affairs are exempt from complying with the obligations of the DPA with respect to such processing. The ICO’s expectations in terms of “reasonable steps” will depend on the circumstances.

Personal data

Personal data Compliance Sales Communications

A Practical Guide to Cyber Incident Response

IT Governance

MAY 24, 2024

In this interview, I pick her brain on cyber incident response more generally, gaining her expert insight into the ‘what’, ‘how’ and ‘why’, along with practical, real-life examples. For example, not so long ago, LockBit [an infamous ransomware gang] got taken down. Is it normal if someone logs in from a Russian IP address, for example?

Risk

Risk Security Ransomware Phishing

FRANCE: Website publisher fined for violation of the cookie requirements

DLA Piper Privacy Matters

JULY 11, 2018

French law requires to place a short-form information notice on personal data collection form (e.g., registration form) specifying the identity of the data controller, the purposes of the processing, whether it is mandatory or not to provide the data, and the data subjects’ rights. The website challenges.fr

Communications

Communications GDPR Compliance Data collection

China issues Personal Information Security Specification

Data Protection Report

FEBRUARY 5, 2018

Although the Specification is not a mandatory regulation, it nonetheless has a key implementing role in relation to China’s Cyber Security Law (“Cyber Security Law”) in respect of protecting personal information in China. To subscribe to posts from Data Protection Report , please click here.

Information Security

Information Security Security Compliance Personal data

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Demographic or contact data linked only to other demographic or contact data—such as a data set linking first and last names to residential street addresses, email addresses to first and last names, or customer loyalty membership records linking first and last names to phone numbers—would not constitute covered personal identifiers.

Access

Access Military Compliance Personal data

Data Breach Misattribution, Acxiom & Live Ramp

Troy Hunt

NOVEMBER 22, 2022

Let's assume there's no further context given, it's just your legitimate personal data and it also includes your phone number, email address. and over 400 other fields of data. But that ridiculous example is nothing compared to the amount of traction some misattributions get.

Data breaches

Data breaches Privacy Personal data e-Delivery

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

So, each month, we’ll update this page with the latest figures and links, so be sure to bookmark it to keep an eye out for the latest data breach news. Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. million people.

Data breaches

Data breaches Insurance Personal data Ransomware

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

MARCH 23, 2022

” The LAPSUS$ Telegram channel has grown to more than 45,000 subscribers, and Microsoft points to an ad LAPSUS$ posted there offering to recruit insiders at major mobile phone providers, large software and gaming companies, hosting firms and call centers. .”

Passwords

Passwords Authentication Access IT

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Security Affairs

APRIL 30, 2021

By this time in the scam routine is no longer mentioned as users would visit a hookup website, inadvertently install a browser extension, or subscribe to paid services. For example, the currency of the reward would change depending on the user’s location. About UNICC. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing e-Delivery e-Discovery Risk

Lawyers are the real winners in the Yahoo data breach compensation case

IT Governance

FEBRUARY 12, 2020

Last week, victims of Yahoo’s data breaches between 2012 and 2016 were given good news, with the proposed settlement from the US class-action lawsuit heading to a judge for final approval. million (about £91 million) in compensation to users whose personal data was leaked. Yahoo, now owned by Verizon, has agreed to pay $117.5

Data breaches

Data breaches Personal data Government IT

Why Sucessful Central Bank Digital Currencies require Partnership enagement

Thales Cloud Protection & Licensing

JUNE 21, 2023

For example, working with the secure element of a mobile phone. Data privacy; e-wallets, devices and transaction systems should not have direct access to sensitive personal data. For example, if a consumer offers to deposit €100,000 of CBDC into a bank, the digital cash on the device doesn’t care who is carrying it.

Retail

Retail Encryption e-Discovery Data Privacy

Article 29 Working Party Issues Opinion on Device Fingerprinting

Hunton Privacy

DECEMBER 2, 2014

of the e-Privacy Directive, EU Member States must ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is allowed only if the subscriber or user has provided consent. According to Article 5.3

Privacy

Privacy Analytics Communications Access

Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset

Troy Hunt

NOVEMBER 6, 2023

I scrolled through the 10M+ rows of data (many records spanned multiple rows due to line returns), and my eyes fell on a fellow Aussie who for the purposes of this exercise we'll call "EM", being the initials of her first and last name. There are over 1.8k That's something most people will still want to know.

Data breaches

Data breaches IT Personal data Passwords

Dentons Privacy Community does Artificial Intelligence

Privacy and Cybersecurity Law

OCTOBER 29, 2020

For example: consumer law; competition law; product safety laws; equality laws; and regulations governing medical devices. The ICO has published 3 key pieces of guidance: Big data, artificial intelligence, machine learning and data protection (2017) Explaining decisions made with AI (June 2020) Guidance on AI and data protection (July 2020).

Artificial Intelligence

Artificial Intelligence Privacy Compliance Data Privacy

The Legitimisation of Have I Been Pwned

Troy Hunt

MARCH 21, 2018

That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches

Data breaches Passwords Government IT

The Business of Data Newsletter – Issue 7 (7 December 2018)

Information Matters

DECEMBER 7, 2018

UK consumers threaten data breach backlash – Computer Weekly, 5 December 2018. “Seven out of 10 UK consumers and two-thirds, on average, around the world would stop doing business with a brand that suffers a breach of users’ financial or personal data. Who steals personal data and how do they make money from it?

IoT

IoT Blockchain Personal data Analytics

Catches of the month: Phishing scams for November 2019

IT Governance

NOVEMBER 13, 2019

Our ‘catches of the month’ feature provides examples of recent phishing scams, showing you the latest tactics that scammers use and what you should do to keep yourself and your organisation secure. Now consider the fact that you are much more likely to find a porn watcher than a Netflix subscriber. million UK subscribers in 2020.

Phishing

Phishing Data breaches Personal data Access

EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Webinars

Trending Sources

Phishers migrate to Telegram

Webinars

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Brits Express Greater Concern Over Data Privacy as Cyber Attacks Soar

The impact of Schrems II on Canada: No more onward transfer on the basis of the EU-US Privacy Shield

The Belgian Data Protection Authority Publishes Recommendation Concerning Data Processing for Direct Marketing Purposes

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

More on Schrems II: No grace period for cross-border data flows – So moving on to next steps

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

UK Supreme Court Grants Google Permission to Appeal Class Action Claim in Lloyd vs Google LLC

The Data Breach "Personal Stash" Ecosystem

There is a Serious Lack of Corporate Responsibility During Breach Disclosures

HMRC forced to delete 5 million voice records after GDPR gaffe

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

UK: ICO PUBLISHES SIGNIFICANT NEW GUIDANCE ON COOKIES AND SIMILAR TECHNOLOGIES

EDPB Releases Opinion on Interplay Between the ePrivacy Directive and the GDPR and a Statement on the ePrivacy Regulation

Catches of the Month: Phishing Scams for July 2022

Data Enrichment, People Data Labs and Another 622M Email Addresses

Catches of the Month: Phishing Scams for April 2023

Data Protection Regime in Turkey Takes Shape

When It Comes to a Data Breach, How Do You Want to Be Notified?

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Key lessons from the first major GDPR fines for cyber breaches

In a Few Days, Credit Freezes Will Be Fee-Free

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

UK ICO Publishes Social Networking and Online Forums Guidance

A Practical Guide to Cyber Incident Response

FRANCE: Website publisher fined for violation of the cookie requirements

China issues Personal Information Security Specification

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Breach Misattribution, Acxiom & Live Ramp

List of Data Breaches and Cyber Attacks in 2023

A Closer Look at the LAPSUS$ Data Extortion Group

Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization

Lawyers are the real winners in the Yahoo data breach compensation case

Why Sucessful Central Bank Digital Currencies require Partnership enagement

Article 29 Working Party Issues Opinion on Device Fingerprinting

Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset

Dentons Privacy Community does Artificial Intelligence

The Legitimisation of Have I Been Pwned

The Business of Data Newsletter – Issue 7 (7 December 2018)

Catches of the month: Phishing scams for November 2019

Stay Connected