A summer clerk and I are writing a weekly GDPR update, and this week's is on unintended security consequences. We've written about the so-called GDPR ransomhacks ("give me the $ or I'll expose this data"), but what other attacks have you guys been seeing? I'd think it presents at least two good spearphishing opportunities: "hi, I want my personal data from you, here's some totally benign document proving my identity" and "hi, I'm grandma. Please give me my info so I can phish myself."
That was quick. Tesla sues ex-employee over "sabotage": http://www.businessinsider.com/tesla-sues-employee-elon-musk-said-committed-sabotage-2018-6
Soliciting suggestions:
I'm going to be running a meeting to go over enterprise risk assessment w/ exec management. I've worked w/ them successfully for years in other realms, so I know the players & styles, but for some reason I can't seem to get much out of these meetings. What would others make sure they impart on c level & try to get out of the meeting?
If you're curious about what the FTC said re: the recent TaxSlayer debacle, My "Death, Taxes, and Data Breaches" article begins on p. 12 of this month's Nebraska Banker. Synthesizes that enforcement action and some highlights from the #DBIR. Probably nothing new for people on this instance, but if it's helpful in trying to convince your executives that #infosec is worth budgeting for, feel free to share.
Flipbook: https://lnkd.in/e2vC6Gh
Thoughts about the GDPR
https://infosec.engineering/thoughts-about-the-gdpr/
#GDPR
#infosec
Interesting take on the GDPR by EasyDNS: https://easydns.com/blog/2018/05/28/gdrp-why-should-any-non-euro-companies-care/
Basically, they claim not to fall under the jurisdiction of EU law, and go further to say that acting as if they do could expose them to other undesirable (from their standpoint) EU laws, like VAT. It makes sense, and all discussions I’ve had with real lawyers indicate that they likely are correct, despite the prevailing opinion that it applies to everyone serving ppl in EU
“…60 to 85 percent of companies say they’re not ready to be compliant today.” #GDPR https://gizmodo.com/dozens-of-american-news-sites-blocked-in-europe-as-gdpr-1826319542
Royal weddings may have become irrelevant in 1776, but this American lawyer is up at 2:30 AM on a Friday to watch some #GDPR fireworks.
...jk, actually still working over here.
...and, here's my daily #GDPR hate-post. https://www.getcurricula.com/gdpr-perfect-phishing-scam/
Here's the link to the webinar. Accredited for CLE/CPE/HRCI (though I think they charge a processing fee on top for those).
I have a bunch of free passes to the webinar I'm giving on Wednesday and won't be using all of them. My topics will include a (very broad) overview of cybersecurity frameworks, and then some recent legal trends that pertain to #infosec. Shoot me a private message if interested.
Other than the Belgian DPA apparently indicating a 5 year recommendation (https://privacylawblog.fieldfisher.com/2017/belgian-dpa-publishes-recommendation-on-gdpr-record-keeping-obligation, I can't read the original report), does anybody know how long Art. 30 documentation needs to be kept around? #GDPR
"In the meantime I’m going to sit down with the family, remind them of the surveillance capacity I have[,] and see if they care."
#GDPR http://www.wired.co.uk/article/you-need-to-update-your-personal-terms-of-service
@jerrybell @dreiann @FlyingLawyer @AlainODea @chuck @rysiek @superruserr @jeff Last week's panel on Emerging Threat went great. Thanks so much for your input on the matter. It really jump started my research. You could clearly tell who prepared in advance. Thanks! 😀
This. Is. Awesome. https://techxplore.com/news/2018-05-plain-text
@FlyingLawyer From what I've read, yes, I think they're clear enough for me to comply in any of my current and planned projects, and my work for my employer. But it's very much aligned with my design ideals to begin with. I'm less sure I'd know how to comply if I were a marketing company!
(but I have little or no sympathy for marketing companies, so...)
