Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

German Antitrust Office Restricts Facebook Data Processing

Mathew J. Schwartz • February 7, 2019

Germany's competition authority, the Bundeskartellamt, has prohibited Facebook from combining user data from different sources unless users consent, and it has also prohibited Facebook from blocking users who do not provide this consent. Facebook has one month to appeal the antitrust decision.

Compliance

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Latest

Application Security

Facebook's Leaky Data Bucket: App Stored User Data Online

Jeremy Kirk • February 18, 2019

A security consultancy discovered Facebook user data exposed in two different places online without authentication or encryption. The data, which is now offline, came from an Android app that purported to offer statistical information to logged-in users.

Compliance

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Mathew J. Schwartz • February 15, 2019

The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures. But the social network is alarmed about the proposed settlement agreement's terms and conditions, The Washington Post reports.

Governance

Apple Slams Facebook for Monitoring App Given to Minors

Jeremy Kirk • January 31, 2019

Apple has revoked Facebook's enterprise certificate, leaving the social network's employees unable to access internal iOS apps, after Facebook used it to distribute an app that monitored smartphone activity, sometimes from minors, in exchange for monthly payments. Facebook says it did nothing wrong.

Compliance

The Reasons Behind Google's GDPR Fine

Nick Holland • January 25, 2019

The latest edition of the ISMG Security Report features an analysis of why Google was one of the first companies to be hit with a major GDPR fine, plus a global update on GDPR compliance trends and an in-depth report on shifts in malware.

General Data Protection Regulation (GDPR)

France Hits Google With $57 Million GDPR Fine

Jeremy Kirk • January 22, 2019

France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. The country's data regulator says Google doesn't inform users in a clear way how their data is being collected and processed for targeted advertising.

General Data Protection Regulation (GDPR)

Life Under GDPR: Data Breach Cost Unknown

Mathew J. Schwartz • January 22, 2019

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International.

Fraud Management & Cybercrime

Report: Federal Trade Commission Weighs Facebook Fine

Jeremy Kirk • January 21, 2019

The U.S. Federal Trade Commission is close to concluding its investigation into Facebook over the Cambridge Analytica scandal, the Washington Post reports, noting that the social network may face a record-setting fine, exceeding the $22.5 million fine the FTC in 2012 slammed on Google.

Application Security

Airline Booking System Exposed Passenger Details

Jeremy Kirk • January 17, 2019

Airline booking system provider Amadeus - whose system is used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.

Data Loss Prevention (DLP)

Marriott Mega-Breach: Victim Count Drops to 383 Million

Mathew J. Schwartz • January 7, 2019

Marriott International's digital forensic investigation now counts not 500 million but an "upper limit" of 383 million customers affected by the four-year mega-breach of its Starwood reservations system. The hotel giant now says the breach also exposed more than 5 million unencrypted passport numbers.

Cybercrime

Hackers Leak Hundreds of German Politicians' Personal Data

Mathew J. Schwartz • January 4, 2019

Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and communications stolen and leaked online as part of what authorities are calling an attack on the country's democracy and institutions.

Incident & Breach Response

Legal Lessons Learned From Breach Investigations

Tom Field • December 27, 2018

What not to do after a breach? Share your incident response plan with your attorney and say, "Don't pay too much attention to it; we don't follow it." Randy Sabett of Cooley LLP discusses this and other lessons learned from breach investigations.

3rd Party Risk Management

Facebook Sued in US Over Cambridge Analytica

Jeremy Kirk • December 20, 2018

Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.