Morrisons data breach case highlights wider reaching liabilities than just GDPR fines

A High Court judge has found Morrisons supermarket liable for a 2014 data leak in which an employee leaked Morrisons staff payroll information. The employee was found guilty of the breach and is currently serving an 8 year prison sentence. However, some of the employees affected by the breach (i.e. those whose details were leaked) took the supermarket to court to claim damages for the threat of identity theft and potential financial loss. Whilst Morrisons argued they couldn’t be held liable for the […]

WordPress patches 4 new security issues

All WordPress versions from 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release:

- Use a properly generated hash for the newbloguser key instead of a determinate substring.
- Add escaping to the language attributes used on html elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
- Remove the ability to upload JavaScript […]
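The first three fixes in that list share two underlying patterns: a value dropped into an HTML attribute without escaping, and a "secret" derived from predictable data. The block below is an added example written for this page, not WordPress core code, and it does not use WordPress's own functions (esc_attr(), wp_generate_password() and the like) so that it runs on plain PHP 7+. The language string and the seed value are constructed inputs; the release notes do not describe how the original newbloguser key was built, so the predictable_key() function is an illustration of the weak pattern, not the real one.

```php
<?php
// Added example for this page (not WordPress core code).

// 1. Attribute escaping.
//    A site setting that ends up inside an HTML attribute, such as the language
//    on <html lang="...">, must be escaped with ENT_QUOTES so that a quote
//    character in the value cannot terminate the attribute and add new ones.
function lang_attribute(string $lang): string {
    return 'lang="' . htmlspecialchars($lang, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '"';
}

// Constructed malicious input: tries to close the attribute and inject a handler.
$evil = 'en-GB" onmouseover="alert(1)';

// Unescaped: the quote ends the lang attribute and onmouseover becomes a real attribute.
echo '<html lang="' . $evil . '">' . "\n";
// Escaped: the quote becomes &quot; and the whole string stays inert attribute text.
echo '<html ' . lang_attribute($evil) . '>' . "\n";

// 2. Key generation.
//    A key cut from deterministic input (here a hash of a known seed) can be
//    recomputed by anyone who knows or can guess that input, so it is not a secret.
function predictable_key(string $seed): string {
    return substr(md5($seed), 0, 16);   // reproducible from $seed: weak
}

//    Bytes from the operating system CSPRNG cannot be predicted or reproduced.
function random_key(): string {
    return bin2hex(random_bytes(16));   // 128 bits of randomness: the right pattern
}

echo predictable_key('user-42') . "\n";  // same value on every run, for every attacker
echo random_key() . "\n";                // different on every call
```

Run it with `php example.php`; the first echo shows the attribute breakout, the second shows the escaped form, and the last two lines contrast a reproducible key with a random one.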

Privacy policies not up to scratch according to international investigation

A global investigation by data protection regulators, including the UK’s ICO, found that websites’ privacy policies tended to be inadequate at giving visitors the information they need to understand how their data is collected and processed. The ICO reviewed 30 websites in the UK and found:

- 26 out of the 30 didn’t specify how and where data would be stored
- Detail about international transfer of data (i.e. outside the EEA) was often unclear
- 26 out of the 30 […]

Microsoft 365 launching GDPR Compliance Manager

Last week Microsoft announced that it will be launching a Compliance Manager across its cloud offering, which will help organisations meet their online compliance requirements, citing the GDPR as one such compliance challenge. Microsoft says its Compliance Manager is “designed to help organizations meet complex compliance obligations like the GDPR. It performs a real-time risk assessment that reflects your compliance posture against data protection regulations when using Microsoft Cloud services, along with recommended actions and step-by-step guidance.” The Compliance Manager should […]

Changes to Binding Corporate Rules in a GDPR world

Today the ICO published a new blog post about its approach to processing Binding Corporate Rules (BCRs) applications. BCRs are used to allow intra-group transfers of data where the transfer is outside the EEA. Simply put, they allow a business to arrange the transfer of EU-related data to a part of the business that is outside Europe. The process requires the company to submit the BCRs to a “lead authority” (determined by the location of its HQ); these are then discussed between […]

Vulnerability found in popular WordPress SEO plugin Yoast

This week, the WordPress security plugin Wordfence reported security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0, you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but you should update Yoast anyway.

Hubdate: GDPR lawful basis for processing

Hub Changelog v1.0.6 – 18th November 2017

We’re continuing to work on our detailed overview of the GDPR, within the data protection section, where we break the GDPR down into its main sections. This week we’ve published some information about:

- The lawful basis for processing

Full changelog archives

New E-privacy rules progressing through EU

It’s not just data protection that’s changing next year; the EU is also working on introducing new e-privacy regulations. Proposals for the new e-privacy regulations were announced back in January and aim to bring current privacy regulations (e.g. the Privacy and Electronic Communications Regulations in the UK) in line with the GDPR, as well as to bring the rules around the use of cookies up to date with current technology. Last month, it was announced that draft proposals were approved by the […]

ICO launches dedicated GDPR advice line

On the 1st November, the Information Commissioner’s Office (ICO) launched a dedicated support helpline for SMEs and charities needing help with the new GDPR data protection changes coming next year. The ICO says “the phone service is aimed at people running small businesses or charities and recognises the particular problems they face getting ready for the new law”, with the Commissioner herself adding: All organisations have to get ready for the new data protection rules, but we recognise […]

EU GDPR guidance starting to take shape

There’s a question about whether it’s coming quickly enough, but the EU’s Article 29 Working Party appears to be on a roll with its GDPR guidance. It has recently published guidance for supervisory authorities (e.g. the ICO) on fining and on Data Protection Impact Assessments (DPIAs), and is currently consulting on a couple of other pieces of guidance:

- Guidelines on personal data breaches
- Guidelines on automated decision making and profiling

Anyone wishing to comment on these guidelines needs to pass their […]