UK government publishes paper on the case for EU data flows post Brexit

Whilst the UK is still part of the EU, it can continue to benefit from EU transfers of data as set out in the 1995 Directive (implemented in the UK as the Data Protection Act 1998). These EU rules allow for the free flow of data across all EU member states; those outside the European Union, though, have to prove they have adequate data protection controls in place and anyone within the EU wishing to transfer data to those countries […]

Drupal Security Release (8.3.7)

Web hosting platform, Drupal, have issued a maintenance release of their software that includes a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7, as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923; REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924; Entity access bypass for entities that do not have UUIDs or […]

GDPR and fines

It seems the Information Commissioner’s Office (ICO) is getting a little fed up with misinformation about the General Data Protection Regulation (GDPR) and so is publishing a series of blog posts “sorting the fact from the fiction”. We tend to agree with the ICO on this – there is a lot of misinformation about the GDPR, articles speaking as though this is the first time businesses have had to worry about data protection, or companies pushing their services as though their product (which […]

TalkTalk fined for breach of data protection principle

The ICO has fined TalkTalk £100,000 for a breach of principle 7 of the Data Protection Act – the “security” principle. It found that a third-party company, contracted by TalkTalk, had wide access to customer data and that some of the third-party accounts had been used to unlawfully access TalkTalk’s customer data. The issue was brought to the attention of the ICO after complaints that TalkTalk customers had been receiving scam calls, using TalkTalk data to identify themselves. You […]

Wordfence reports increase in TrafficTrade malware infection caused by theme

WordPress security experts, Wordfence, are reporting a “significant increase in the number of WordPress websites hit by an infection [they’re] calling TrafficTrade.” Wordfence says there seem to be two routes to infection. A small number are caused by a redundant searchreplacedb2.php script (which they reported as an issue a few weeks back). The bulk of infections, though, are being caused by a vulnerability in the Newspaper theme – this is a premium theme. You can find full details on the Wordfence blog. Your […]

UK Government publishes its planned data protection reforms

It was in the Tory manifesto and the Queen’s Speech back in June, so it’s no surprise that we’re getting a Data Protection Bill. We don’t have the actual Bill yet (it looks like that is likely to have its initial reading in Parliament in September), but today (7th August) the Department for Digital, Culture, Media & Sport has published its intentions for the Bill. The initial part of the reform paper suggests additional data protection regulation over and above the […]