Paul Van den Buick writes: The European legal framework on the protection of personal data (Directive 95/46/EC) is acknowledged as one of the strictest in the world. This tendency seems to be confirmed by the new draft regulation on the protection of personal data revealed by the European Commission in January 2012, which, once adopted,…
Category: Commentaries and Analyses
Entities need to up their game when it comes to breach disclosures
Help Net Security reports on a new Experian/Ponemon survey, “Consumers confused about data breaches.” Over 60% of respondents had trouble understanding the notification letters or felt the entity did not give them sufficient details. One take-home message is what I’ve been saying for years: breach notifications need to be written in plain language and include…
New Math, data breaches version
As a survivor of New Math, it’s somewhat amazing that I’m willing to deal with numbers or math at all. Yet, here I am, with a simple equation as today’s New Math:
UNCC + UN = time for regulation
Simple, elegant, and somewhat nonsensical as a math equation, but two recent education sector breaches do…
University of Nebraska breach needs to reverberate in Washington, D.C.
The University of Nebraska disclosed a breach last week, which I dutifully entered on DataLossDB. The breach sounded like it could be huge, despite the university’s statement that it had no evidence (at that time) that any data had been downloaded: The NeSIS database includes Social Security numbers, addresses, grades, transcripts, housing and financial aid…
UK: Medical and social security records being stored unlawfully and inappropriately accessed, statistics show
Cahal Milmo reports: Medical and social security records kept by public bodies are being unlawfully or inappropriately accessed dozens of times a month and hundreds of civil servants disciplined for data offences, according to Government records. Staff at the Department for Work and Pensions (DWP) are being reprimanded at a rate of nearly five per…
How do you view your customers?
Wow. I just read some really offensive advice by Ronald Raether about what to say after a data breach. Well, I should be clear that I didn’t read all of his advice because I stopped reading after his first answer to the interviewer: RONALD RAETHER: The first place to start is with defining the goals….