Security News
Concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant? In our current example, we do not know whether the host asked for a copy to be kept by Zoom for future reference, or whether Zoom kept a copy by default.
A newly released report offers a glimpse into how European Union authorities are applying the General Data Protection Regulation to some of the biggest U.S. technology firms, including social media giants Facebook and Twitter. What makes Ireland a bellwether for GDPR is that many U.S. technology firms, including Apple, Facebook and Google, have designated Ireland as their "Main establishment" in the EU. Under GDPR, that enables them to qualify for a one-stop-shop mechanism, which ensures that the data protection authority in that country takes the lead on any EU privacy investigations.
A joint report by the International Association of Privacy Professionals and Ernst & Young, published last year, revealed inconsistencies in how companies are implementing the DPO role, including whether the CISO also serves as DPO.
When Is DPO Required?
While some say it's appropriate for CISOs to serve as DPOs because the roles complement each other, others argue the DPO position should be separate.
During the Brexit transition period, "It will be business as usual for data protection," which means mandatory compliance with the EU's General Data Protection Regulation remains in effect, the U.K. Information Commissioner's Office said in a Jan. 29 blog post. What happens after the transition period is over? From a privacy standpoint, that remains the million-dollar - or rather, pounds-sterling - question, and "Depends on negotiations during the transition period," as noted in a Brexit FAQ issued by the ICO. Odds are good that after 2020, U.K. organizations will have to continue to comply with GDPR. Otherwise, they could be shut out of easy trading with the EU, leaving Britain at a competitive disadvantage.
From when GDPR went into full effect on May 25, 2018, until Friday, EU data protection authorities also imposed €114 million in fines under the privacy regulation for a wide variety of infringements, not all involving data breaches. The report doesn't count the U.K. Information Commissioner's Office stating that it intends to fine Marriott International $130 million and to fine British Airways $239.5 million for data breaches that occurred after GDPR went into full effect, since those penalties have yet to be finalized.
The UK Information Commissioner's Office has kicked £280m in data breach fines against British Airways and US hotel chain Marriott into the long grass. As spotted by City law firm Mishcon de Reya, the ICO has extended the time before it will fine the two companies what it claimed would be a total of £282m, split between BA's £183m and Marriott's £99m. In a statement the UK's data protection regulator said: "Under Schedule 16 of the Data Protection Act 2018, BA and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time."
$10 Million GDPR Fine Imposed on German Telco 1&1
Roundup: Your quick summary of infosec news beyond everything else we've reported. Here's your Register security roundup of infosec news about stuff that's unfit for production but fit for print.…
$11 Million Fine for Authentication Shortcomings at Telecommunications Provider
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by...