Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Facial Recognition Use Triggers GDPR Fine

Akshaya Asokan • August 28, 2019

Sweden's Data Protection Authority has issued its first fine for violations of the European Union's General Data Protection regulation after a school launched a facial recognition pilot program to track students' attendance without proper consent.

General Data Protection Regulation (GDPR)

GDPR: Where Do We Go From Here?

Latest

Breach Notification

Foxit Software Breach Exposes Account Data

Jeremy Kirk • September 2, 2019

Foxit Software, the developer of popular PDF and document software, says user accounts were compromised in a breach. The company, which has 560 million users, isn't saying how the breach occurred, how many accounts were affected or for how long.

Breach Notification

Is the Equifax Settlement Good Enough?

Mathew J. Schwartz • July 24, 2019

Given the massive impact of the Equifax data breach, is the recently announced proposed settlement fair? One consumer advocate calls the money to be paid out by the consumer reporting agency the equivalent of a "parking ticket." Here's an analysis of the settlement's terms.

Fraud Management & Cybercrime

Ireland Assessing Minors' Profiles on Instagram

Jeremy Kirk • July 22, 2019

Ireland's Data Protection Commission says it is "assessing" a report concerning minors who have business profiles on Instagram that may expose email addresses and phone numbers. As many as 5 million kids worldwide have business accounts, but often they have no discernible link to a real business.

Application Security

Security Flaw Exposed Valid Airline Boarding Passes

Mathew J. Schwartz • July 16, 2019

A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.

Artificial Intelligence & Machine Learning

Leak Confirms Google Speakers Often Record Without Warning

Mathew J. Schwartz • July 12, 2019

George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.

General Data Protection Regulation (GDPR)

Security Teams Confronting New Risks and Regulations

Scott Ferguson • July 8, 2019

New regulations are leading enterprises to rethink how they secure customer data. At the same time, businesses are subject to more risk from their third-party partners. Chis Niggel of Okta explains how these two trends are complicating enterprise security.

Business Continuity Management / Disaster Recovery

Cloudflare Calls Internet Outage 'Small Heart Attack'

Nick Holland • June 28, 2019

The latest edition of the ISMG Security Report discusses Cloudflare's harsh criticism of Verizon over an internet outage it labeled as a "small heart attack." Plus: sizing up the impact of GDPR; reviewing highlights of the ISMG Healthcare Security Summit.

Breach Notification

Identity as a Game-Changing Breach Defense

Information Security Media Group • June 25, 2019

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.

Artificial Intelligence & Machine Learning

Visual Journal: Infosecurity Europe 2019

Mathew J. Schwartz • June 18, 2019

The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz • June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Analysis: The Cybersecurity Risks Major Corporations Face

Nick Holland • June 14, 2019

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Cybercrime

No Invitation Required: Hackers Can Phish Evite Users

Mathew J. Schwartz • June 11, 2019

Online invitation site Evite has been hacked and information on an unspecified number of users stolen. In a data minimization fail, the breach apparently dates from earlier this year, but it's been tied to "an inactive data storage file associated with Evite user accounts" from before 2014.