Weekly Newsletter: 1 February – 5 February 2021
GDPR EU Representative

February 8, 2021

SaaS Data Ownership: The Key to Data Protection and More Impactful Machine Intelligence

[#SaaS #DataPrivacy]

“With Gartner reporting that 97% of organizations have some form of SaaS applications in their technology stack, the question of SaaS data ownership is quickly becoming something we can no longer sweep under the rug. […]

But the data stored and repeatedly overwritten in our SaaS applications represents a historical record of cause and effect change patterns in our business. This data, aside from being essential for compliance and data privacy, represents the biggest missed opportunity to improve modern-day machine learning algorithms. It is the literal “cause and effect” information gap that machine learning algorithms need to make sense of why things change in our business.

Some of the most iconic companies in the world that we buy from daily, wear on our wrists, have in our pockets, or rely on to power the internet, are starting to catch on to this opportunity – and they are using an old set of tools in a new way in order to drive unfair advantage in their markets.”

To read more: Click here.

Home working increases cyber-security fears

[#DataBreach #Homeworking #Remoteworking #DataSecurity #DataPrivacy]

“‘We see tens of different hacking attacks every single week. It is never ending.’ A senior computer network manager for a global financial services company, Peter (who did not want to give his surname, or the name of his employer, due to his firm’s anxieties surrounding cyber-security), says they are bombarded from all directions.

[…] With one in three UK workers currently based exclusively at home, and the same level in the US, this remote working on a vast scale continues to be a major headache for the IT security bosses of companies large and small around the world.

[…] Meanwhile, a separate UK study last year found that 57% of IT decision makers believe that remote workers will expose their firm to the risk of a data breach.”

To read more: Click here

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

[#DataBreach #DataSecurity]

“A company that fell victim to a ransomware attack and paid cyber criminals millions for the decryption key to restore their network fell victim to the exact same ransomware gang under two weeks later after failing to examine why the attack was able to happen in the first place.

[…] The unnamed company fell victim to a ransomware attack and paid millions in bitcoin in order to restore the network and retrieve the files.

[…] However, the company just left it at that, failing to analyse how cyber criminals infiltrated the network – something that came back to haunt them when the same ransomware gang infected the network with the same ransomware less than two weeks later. The company ended up paying a ransom a second time.

[…] Examining the network following a ransomware incident and determining how the malware was able to enter the network as well as staying undetected for so long is, therefore, something all organisations that fall victim to ransomware should be considering alongside restoring the network – or preferably, before they even think about restoring the network.”

To read more: Click here

Reform in US Surveillance Laws is Only Way Forward Says EU Parliament in #SchremsII Resolution

[#SchremsII #EUUSDataTransfers #SCCs]

“‘For data controllers that fall within the scope of the US Foreign Intelligence Surveillance Act, a transfer of personal data from the Union is not possible under [the] SCCs, due to the high risk of mass surveillance; only a comprehensive reform of surveillance practices in the US can sustainably address this problem and provide legal certainty to businesses and data subjects’ – says European Parliament Committee on Civil Liberties, Justice and Home Affairs in draft #SchremsII resolution.

The draft resolution makes clear that no solution is possible, not even a comprehensive US Federal data protection law, without the revision of the US surveillance laws. It also puts caution regarding a possible ‘Privacy Shield 2.0’ arrangement and warns the UK and other states currently enjoying an adequacy declaration.”

To read more: Click here


Dutch data scandal highlights structural problems around privacy compliance

[#COVIDdata #DataSecurity #DataBreach #DataPrivacy]

“On Jan. 25, RTL News discovered widespread trade in the personal data of COVID-19 test subjects. With their personal data registered in the two main IT systems of the Municipal Health Services — known as the GGD — at least two employees maliciously downloaded the data. Apparently, over the course of the previous months, the data was offered for sale on various large chat groups on services such as Telegram, Snapchat and Wickr. Two GGD employees were arrested, though it is unclear whether they in fact managed to sell the data.

[…] Next to the concrete damage of the theft, the scandal also revealed a fundamental lack of respect for and understanding of privacy law in both public institutions and Dutch politics.”

To read more: Click here.