GDPR

Data privacy: better the nanny state, the Wild West or a coalition of the willing?


After countless data breaches and scandals relating to major tech behemoths’ cavalier usage of our personal data, it would seem natural to assume that Brits have decided to police their own privacy with much greater intent. On the contrary, post-Cambridge Analytica and the #DeleteFacebook movement, UK user numbers have grown over the last year, passing 40 million for the first time (around 60 per cent of the UK population). 

Furthermore, the rate at which people accept default options and blindly accept T&Cs and privacy policies only increases as our digital lives become more cluttered. According to a survey by Deloitte, 90% of consumers accept legal terms and conditions without reading them.

If we can’t help ourselves as consumers, who will? 

Consumer protections

Enter Her Majesty’s Government. It seems that various factions across Government have come to the conclusion, almost in unison, that greater consumer protections are needed. With GDPR still the soundtrack to last summer that’s ringing in our ears, a slew of Government activity is underway to crack down on big tech companies, and some is directed specifically at ensuring greater privacy protections. 

Recently, Jeremy Wright, the Digital secretary, unv


The 10 data privacy fails of the decade – and what we learnt from them

Today marks one of the most important days in the calendar for professionals in data – Data Privacy Day!

As we enter the 2020s, let’s take a look back over the data privacy fails that shaped the previous decade – and what we learnt from them – so we can ensure the next 10 years are remembered for championing greatness in data privacy, and produce a decade of privacy wins.

1. Data privacy fails happened in the most unexpected of places…

Imagine buying an app-controlled, Bluetooth connected vibrator to spice up your love life for when your partner isn’t in town. It’s all fun and games until you discover your partner hasn’t been controlling it…it’s actually been hacked by a total stranger. 

Believe it or not, this actually happened in 2016, when it was discovered that anyone with a Bluetooth connection could hijack certain sex toys and control them because of their total lack of security protection. 

And if that’s not off-putting enough, it turned out the company was collecting and storing personal data gathered by the vibrator’s app – without their users’ consent. The app tracked the toys’ temperature and vibration intensity when paired with it – so essentially, the company ended up with large data files that detailed the exact sexual stimulation requirements of their customers. 

There is definitely such a thing as too much information…

Vibrators are not the only unusual objects that were hacked over this past decade. In 2017, cybercriminals managed to hack into a casino in North America through its internet-connected fish tank!

The aquarium in the lobby was fitted with a smart thermometer to regulate the tank’s temperature. It was through this device that the hackers were able to exploit a vulnerability and get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and pull it back across the network, out the thermostat, and up into the cloud. You could say, they went fishing…

What have we learnt?

People should be able to buy things as personal as vibrators and as innocuous as fish tanks in safety. It’s simply astonishing that a vibrator was left so insecure when the risk of assault was so obvious. And it was even worse that the company was behaving so invasively as to capture such personal data without consent. While you could argue that the casino should have known better than to put a smart fish tank inside its security perimeter, the risk of exploiting a vulnerability to gain access to other systems has been well known for years, and the fish tank manufacturer simply should not have put its clients at such risk.

As the Internet of Things continues to grow, more devices will begin to come online, and these devices will come in many shapes and sizes. It’s crucial that the manufacturers of these devices follow a Privacy by Design model, and ensure that privacy and security are baked into products right from the start of the development lifecycle – not tacked on at the end. It’s far less hassle to think about data privacy at the beginning, and work it into a product, than to fix security flaws later down the line – if that’s even possible.

The adoption of IoT technology means cybercriminals can be more imaginative with their attacks, and these incidents are compelling reminders that IoT devices are vulnerable to being hacked or compromised. The problem often occurs when manufacturers focus solely on the performance and usability of IoT devices, and ignore security measures and encryption mechanisms. Basic security measures such as authentication through OAuth, secure storage, penetration tests, and regular audits should be standard for internet-connected devices.

It’s also important for consumers to remember that any object that can connect to the internet, no matter how innocuous, has the potential to get hacked. Be vigilant, keep your operating systems and software up-to-date, use strong passwords, and if at all possible keep Internet of Things devices separated from important data.

2. The data privacy fail that stopped Harry from having his surname on his schoolbook…  

No-one wants to lose their identity, but an overenthusiastic reading of the GDPR in 2019 nearly led to just that. A primary school banned the use of children’s surnames on textbooks, in order to comply with (their perception of) GDPR regulations.

The bizarre situation led to a young boy, known as Harry Szlatoszlavek, being labelled as ‘Harry2’ by his classmates. ‘Harry2’ even received a Christmas card from another boy which read: ‘To Harry2 from Jack2.’,


The evolution of data privacy

As we enter the new decade, data privacy has become a top business priority. The nonstop revelations about social media data usage, the introduction of new legislation such as the GDPR and the California Consumer Privacy Act (CCPA), and a more alert consumer base change how companies have to manage their data. Data Privacy Day reminds us that data security is evolving. We continue to face new data privacy challenges, so it is an ideal time to understand the trends and prepare for the future.

About the author

Stephen Manley, Chief Technologist, Druva.

Begin with fighting ransomware

All businesses, regardless of size and scale, are responsible for protecting customer data. However, with the increasing volume of valuable and sensitive data that will be generated and stored, ransomware operators have greater incentive and opportunity to attack unprepared organisations. Attackers have already begun to focus on corporate and government targets with malware, rather than broad consumer attacks, because the payoff is easier and larger. Furthermore, the opportunity is so large that Ransomware as a Service has made virtually anybody in the world a threat.

Despite t


Radiohead launches online ‘public library’ so you can stream their rare stuff

Radiohead has launched a “public library” online and yes, you can get a library card.

The legendary English band unveiled the Radiohead Public Library on Monday, an online archive of Radiohead’s back catalogue in one place, with links to either buy or stream via Spotify and Apple Music, along with videos and out-of-print merchandise.

Fans can head to the website to register as a library member, and create their own library card. It’s pretty neat, but it looks like you can’t customise it on the site — you have to download the PNG file to add your mugshot into the corner. If you want to print it out and laminate it to throw in your wallet, go for it. 

And that QR code? It heads to the GDPR website — s


Cookie consent tools are undermining GDPR

A new study by researchers at MIT, UCL and Aarhus University suggests that most cookie consent pop-ups served to European internet users are likely defying regional privacy laws such as GDPR.

The researchers published their findings in a paper titled “Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence” which argues that vendors of consent management platforms (CMPs) are engaging in illegal practices, saying:

active consent is required for tracking
