U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.
Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scraped data of 533 million users appeared online. The data contained names, phone numbers and birthdates. Facebook says it takes active measures against data scraping.
The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation. Authorities said the fine might have been higher except that Discord's "business model is not based on the exploitation of personal data."
Soccer fans watching the 2022 FIFA World Cup live from Doha should think twice about installing two apps developed for the Qatari government, warn multiple European data protection authorities. The apps likely open the door to surveillance by authorities with a spotty human rights track record.
The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.
The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack. The firm kept employee data on servers running obsolete versions of Windows and used outdated antivirus software.
The latest edition of the ISMG Security Report discusses how ransomware-as-a-service groups are shifting their business models, how investigators battling cybercrime have been hindered by GDPR, and how employees consider workplace "choice" a key factor for job satisfaction.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
The European Parliament has granted Europol permission to receive and process datasets from private parties and pursue research projects for better handling of security-related cases. Use of these powers will be overseen by the European Data Protection Supervisor and the Fundamental Rights Officer.
The Dutch Data Protection Authority has imposed penalties of 3.7 million euros ($4 million) and 565,000 euros ($600,000) on the Dutch Tax and Customs Administration and the Ministry of Foreign Affairs, respectively, for violating the General Data Protection Regulation.
As President Joe Biden visits Europe this week, the U.S. and the European Commission announced they have agreed in principle to a new Trans-Atlantic Data Privacy Framework. Officials say it will foster cross-border data flows and address concerns raised by the EU Court of Justice in 2020.
In the U.S., three states now have disparate data privacy laws - and more are coming. Meanwhile, China has enacted a new law that has global enterprises scrambling. How will these and other actions shape privacy discussions in 2022? Noted attorney Lisa Sotto shares insights.
Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP, joins three ISMG editors to discuss important cybersecurity and privacy issues, including how U.S. enterprises are harmonizing three disparate privacy laws, and ransomware preparedness.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the status of the recommendations of the Cyberspace Solarium Commission today and what still needs to be enacted by the current Congress, addressing the increasing challenge of cyberattacks...