Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. Additionally, there are circumstances in which…
Virginia Data Privacy Law
Virginia is about to get a data privacy law, modeled on California’s law.Read more: schneier.com
A guide to the GDPR and CCTV in…
You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written details, like names and addresses; it applies to any information that can…
The Problem with Treating Data as a Commodity
Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or…
What are the best books on data privacy?
Looking for affordable ways to keep your data secure? Sometimes the simplest solutions are the best – and nothing beats the simplicity of a book. With books, you get expert advice at your fingertips. You…
NoxPlayer Android Emulator Supply-Chain Attack
It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s…
Extracting Personal Information from Large Language Models Like…
Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “Extracting Training Data…
Backdoor in Zyxel Firewalls and Gateways
This is bad: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the…
Have you met the DSP Toolkit deadline?
Earlier this year, NHS Digital confirmed that it was extending the 2020/2021 compliance deadline for DSP (Data Security and Protection) Toolkit until 30 September in light of the COVID-19 pandemic. If you’re not already compliant,…