UpDATA - the data risk blog

Latest posts

1 to 10 of 37
  • SARs: a tool for identity theft

    Posted: 12 August 2019

    A researcher from Oxford University has sent a fake subject access request to over 150 companies in order to prove how the “right of access” under Article 15 of the GDPR can be easily exploited by malicious attackers to steal sensitive personal information.

  • US regulator imposes fine on Facebook more than double the GDPR maximum

    Posted: 18 July 2019

    Following a settlement last week the US Federal Trade Commission has imposed a fine of $5bn on Facebook in relation to its privacy law violations in connection with the Cambridge Analytica scandal. The sheer scale of the fine, more than twice the maximum level possible under GDPR, and the market reaction to it raise a number of interesting questions.

  • FOI requests continue to expose cyber weaknesses in the financial services sector

    Posted: 11 July 2019

    The FCA has confirmed that in November 2018 four UK banks were targeted by hackers, further highlighting cyber weaknesses in financial services.

  • Ramming home the point, the ICO intends to fine Marriott almost £100m

    Posted: 09 July 2019

    Following on from its announcement of the largest ever GDPR fine yesterday – £183m against British Airways – the ICO has gone again, announcing the second largest ever GDPR fine – this time a fine of almost £100m against Marriott.

  • British Airways - the ICO shows its teeth

    Posted: 09 July 2019

    This morning the Information Commissioner’s Office announced that it intended to impose a fine of £183.39m on British Airways in respect of the well-publicised data breach, in which, beginning in June 2018, the data of 500,000 customers was compromised.

  • FOI request sheds light on stark increase in reported cyber incidents

    Posted: 03 July 2019

    A recent Freedom of Information Act request submitted to the Financial Conduct Authority highlights a near 12-fold increase in cyber incidents between 2017 and 2018.

  • Data Controller DSAR obligations clarified

    Posted: 07 June 2019

    This blog highlights the key points from the recent decision in Dawson-Damer and others v Taylor Wessing LLP and others [2019] EWHC 1258 (Ch).

  • Prosecutions for snooping employees

    Posted: 01 April 2019

    The ICO has announced three successful prosecutions for unlawful obtaining or disclosing of personal data under s55 of the Data Protection Act 1998, all of which involved employees accessing or transferring personal data in their own self-interest.

  • German competition regulator restricts Facebook data use

    Posted: 15 February 2019

    The Bundeskartellamt found Facebook's merging of user data from multiple sources to be both anti-competitive and in breach of the GDPR.

  • The PRA’s letter on cyber underwriting: ignore “silent” cyber exposures at your peril

    Posted: 14 February 2019

    The PRA has written to insurance firms highlighting its concerns about both “affirmative” cyber cover and “non-affirmative” (or silent) cyber exposure.
