In the wake of the arrest of “Pompompurin,” BreachForums’ self-proclaimed owner and moderator, DataBreaches has been contacted by a number of anxious folks who want to know if they are at risk of being arrested for their own actions. Obviously, DataBreaches is not a lawyer or any kind of authority and can’t provide any assurances. …
Category: Commentaries and Analyses
Norwegian data protection authority fines U.S. firm almost $240,000 for failure to notify within 72 hours
It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…
French CNIL is setting the tone for 2023: patients data and medical research on its radar
Julie Schwartz and Patrice Navarro of HoganLovells write: CNIL has always been very attentive to the processing of health data and to their security and confidentiality. It regularly publishes content on its website (practical information sheets, guidelines and binding recommendations), and has also made health data security one of its priority topics for its investigations…
UK law: Ethical hackers urged to respond to Computer Misuse Act reform proposals
Alex Scroxton reports: Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990. The long-awaited consultation, which has been running since February, is seeking views on a…
The criminal use of ChatGPT – a cautionary tale about large language models
From Europol: In response to the growing public attention given to ChatGPT, the Europol Innovation Lab organised a number of workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT, as well as how it may assist investigators in their daily work. Their insights…
FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security
From the FTC: The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks. In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to…