Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Mockup of Facebook's dating service (Source: Facebook)

Facebook Delays EU Dating Service Rollout After 'Dawn Raid'

Mathew J. Schwartz • February 14, 2020

Any lonely hearts in Europe hoping to meet the person of their dreams via Facebook's dating service on Valentine's Day this year will have to wait a little longer. The social network has delayed the EU rollout of its dating service, following a Monday "dawn raid" by Irish privacy investigators.

Application Security

Growing Medical Device Sophistication Opens Security Issues

Latest

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland • January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

Breach Notification

UK Fines Dixons Carphone for Massive Breach

Jeremy Kirk • January 10, 2020

British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.

Application Security

Chivalric Disorder as Knight and Dame Data Goes Errant

Mathew J. Schwartz • December 31, 2019

Human error looks to be the obvious culprit in an accidental data breach by Britain's Cabinet Office, which published the home addresses of celebrities such as Elton John and Olivia Newton-John when it released a list of individuals set to be recognized for their contributions to British society.

Breach Notification

Ready for the New York SHIELD Act?

Scott Ferguson • December 30, 2019

While CCPA has drawn the biggest headlines when it comes to new U.S. privacy laws, businesses and consumers should also take notice of New York's SHIELD Act, which goes into effect in March 2020. The law is expected to have impact on Wall Street firms and other financial institutions headquartered in the state.

Endpoint Security

Smart Home Device Maker Wyze Exposed Camera Database

Jeremy Kirk • December 30, 2019

Seattle-based smart home device maker Wyze says an error by a developer exposed a database to the internet over a three-week period earlier this month. The data included customer emails, nicknames of online cameras, WiFi SSIDs, device information and Alexa tokens.

Critical Infrastructure Security

Job Search: Head of UK's National Cyber Security Center

Mathew J. Schwartz • December 30, 2019

Wanted: A new chief executive to assume command of Britain's growing National Cyber Security Center, part of GCHQ. As Ciaran Martin departs, the successful NCSC model he helped create is being widely emulated in many countries. But the U.S. remains a notable holdout.

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett • December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Account Takeover

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Mathew J. Schwartz • December 10, 2019

One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Breach Notification

GDPR: $126 Million in Fines and Counting

Mathew J. Schwartz • January 21, 2020

Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.

3rd Party Risk Management

A CISO's Security Predictions for 2020

Steve King • December 31, 2019

The cybersecurity outlook for 2020 and the new decade will be characterized by more advanced, targeted and coordinated attack vectors designed to exploit the cybersecurity skills shortage, along with congenitally poor security fundamentals and hygiene.

Application Security

Apple and Google Stop Distributing ToTok Messaging App

Mathew J. Schwartz • December 24, 2019

Apple and Google have stopped distributing a popular messaging app marketed to English and Arabic speakers called ToTok. The New York Times has reported that U.S. intelligence agencies believe ToTok was developed by the United Arab Emirates government to spy on its citizens. The government bans rival offerings.