Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Pro-Russia disinformation about coronavirus (Source: EU's EUvsDisinfo database)

Analysis: Russia's COVID-19 Disinformation Campaign

Nick Holland • March 27, 2020

The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.

►

Active Defense & Deception

Facebook Delays EU Dating Service Rollout After 'Dawn Raid'

Latest

Application Security

Analysis: Indictments in Equifax Hack

Nick Holland • February 14, 2020

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.

Artificial Intelligence & Machine Learning

To Combat Rogue AI, Facebook Pitches 'Radioactive Data'

Mathew J. Schwartz • February 6, 2020

Facebook scientists have proposed using "radioactive data" watermarks to identify when online images get used to train neural networks. The proposal appears to be aimed at the rise of big data startups, such as Clearview AI, that are scraping publicly available photographs to create facial recognition tools.

Data Masking & Information Archiving

Avast Stops Using Security Software to Track Browsing Data

Jeremy Kirk • January 31, 2020

Anti-virus giant Avast is shuttering Jumpshot, its data collecting side business that has been funneling detailed internet browsing activity from the company's security products and browser extensions to marketers, after a probe by PCMag and Motherboard found the company was failing to fully anonymize data.

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland • January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

Breach Notification

UK Fines Dixons Carphone for Massive Breach

Jeremy Kirk • January 10, 2020

British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.

Application Security

Chivalric Disorder as Knight and Dame Data Goes Errant

Mathew J. Schwartz • December 31, 2019

Human error looks to be the obvious culprit in an accidental data breach by Britain's Cabinet Office, which published the home addresses of celebrities such as Elton John and Olivia Newton-John when it released a list of individuals set to be recognized for their contributions to British society.

Breach Notification

Ready for the New York SHIELD Act?

Scott Ferguson • December 30, 2019

While CCPA has drawn the biggest headlines when it comes to new U.S. privacy laws, businesses and consumers should also take notice of New York's SHIELD Act, which goes into effect in March 2020. The law is expected to have impact on Wall Street firms and other financial institutions headquartered in the state.

Endpoint Security

Smart Home Device Maker Wyze Exposed Camera Database

Jeremy Kirk • December 30, 2019

Seattle-based smart home device maker Wyze says an error by a developer exposed a database to the internet over a three-week period earlier this month. The data included customer emails, nicknames of online cameras, WiFi SSIDs, device information and Alexa tokens.

Critical Infrastructure Security

Job Search: Head of UK's National Cyber Security Center

Mathew J. Schwartz • December 30, 2019

Wanted: A new chief executive to assume command of Britain's growing National Cyber Security Center, part of GCHQ. As Ciaran Martin departs, the successful NCSC model he helped create is being widely emulated in many countries. But the U.S. remains a notable holdout.

Fraud Management & Cybercrime

Bringing Outsiders Into Your Compliance Team: Four Considerations

Richard Graham - Head of North American Business Solutions, BAE Systems Applied Intelligence • February 11, 2020

Money Laundering investigators are in high demand: banks and other financial institutions have spent almost two decades hiring more and more of them.

General Data Protection Regulation (GDPR)

UK's Brexit Transition Period: Keep Complying With GDPR

Mathew J. Schwartz • February 7, 2020

As former U.K. Prime Minister Theresa May famously declared: "Brexit means Brexit." But what Britain's exit from the EU means for the nation's data privacy rules and future EU-U.K. data flows remains to be seen, as the country navigates its post-Brexit transition period.

General Data Protection Regulation (GDPR)

Ireland's Privacy Watchdog Probing Google's Data Use

Akshaya Asokan • February 5, 2020

Ireland's Data Protection Commission is launching an investigation into how Google uses customer data for its location services after the privacy watchdog received numerous complaints from consumer rights organizations across the European Union.