About a year after 57 million records were breached at Uber, the company issued a breach notification press release. The CEO made no excuses for the lateness of the notice and to be fair, he was not involved in the handling of the whole thing since he was hired after the event. The notification also … Continue reading
Tag Archives: Privacy
Awareness training always has an attitude
A lot depends on why you think you’re training people. That motivation comes through in the attitude. And that attitude has a lot to do with how successful the training is. By my estimate, there are any number of nuanced attitudes but they more or less gravitate to one of three motives: We’re training you … Continue reading
When is a breach notification not a breach notification (part three)?
When it is presidential primary news. When the “family feud” is more newsworthy than the data. When there are no fewer than four parties involved who one can identify as data custodians of one kind or another. In a single sentence, the incident can be described as follows (the four data custodians are numbered in … Continue reading
I am not a number, I am a data point
Identity has changed. The post-World War II generation was concerned about being identified as a number. The sight of emaciated humans with identifying numbers tattooed on their inner forearms made this very real and very scary. By the late 1960s the TV show The Prisoner portrayed the hero objecting on a regular basis: “I am … Continue reading
Big Data ebook free to download
This ebook is free to view or download. A humanistic look at Big Data, aggregation and how a data-centric view of the world is changing our relationship to our identities and the groups we belong to. Click below (left to look/right to receive) to view or download: Big Data - slipping its moorings Continue reading
Aggregation is biased towards anonymity
Did the EU Court of Justice’s compromise on the right to be forgotten get its inspiration from a US law’s attempt at solving a logistical problem? I’ve written about the bias of aggregation towards anonymity in Anti-Viral, published by SecurityCurrent. In that piece, I show how the EU’s decision reinforces the idea that aggregation, the … Continue reading
Security and Privacy walk into a bar…
There can be no question that Security and Privacy are strongly related. It would be easier if they were the same thing. But they’re not, of course; there are differences. This blog has never shied away from stating the obvious. This post tries to enumerate the significant differences between privacy and security: I. They come … Continue reading
A new role in data privacy: the searcher
The EU’s efforts to define a right to be forgotten and the recent U.S. Supreme Court decision about how privacy is protected on cell phones go hand in hand. They remind us that the medium is still the message and that there is a new role in discussing data access and control. Why connect these … Continue reading
One hand washing the other
Can the HIPAA Security Rule learn something from the HIPAA Privacy Rule? When it comes to encryption at the application security level: yes. First, one of my particular soapboxes: in a world where medical records are increasingly found in digital form, the HIPAA Security Rule and the HIPAA Privacy Rule cannot be minded by two … Continue reading
Cyber Security professionals need to help stop cyberbullying
Protecting data confidentiality, integrity and availability is not enough. We also must promote the ethical use of cyberspace. And that starts by making sure it is not a place where anyone, especially children, can be harmed and exploited. An organization in Ireland does a great job of promoting this important effort: http://www.stopcyberbullies.ie/ Continue reading