Plan for potential incidents and breach scenarios, cybersecurity conference hears

Businesses should prepare an incident plan for security breaches in advance so they know what resources they’ll need to deal with them. Speaking at the Technology Ireland ICT Skillnet Cybercrime Conference earlier today, Brian Honan said that running different scenarios can help businesses identify whether they’ll need assistance from IT, legal, HR or public relations. Research […]

Busting myths and misconceptions around GDPR and security

For better or worse, GDPR and security are often wedded together, when the relationship is in fact slightly more complicated. Sarah Clarke, a specialist in privacy, security, governance, risk and compliance with BH Consulting, has picked apart some myths and misconceptions around the subject. She kindly gave us permission to use material she published in […]

UK issues data protection guidance for a no-deal Brexit scenario

In preparation for a possible no-deal Brexit, the UK Government has published guidance about how this will affect data protection. The EU uses a mechanism called an adequacy decision to allow the free flow of personal data to countries outside the EU. BH Consulting CEO Brian Honan has identified the key section of the UK […]

Using ISO 27001 to guide your GDPR breach response plan

Among the many changes GDPR will usher in, one of the biggest for many organisations will be mandatory breach reporting. From May 25, all organisations holding personal data about European Union residents must disclose a breach if it is “likely to result in risk to personal data”. What’s more, organisations must report such breaches within […]

Permission slip: what consent means and where it really applies to GDPR

As data protection and privacy professionals, we use terms from data protection legislation daily and they roll off the tongue as if we were born knowing what the words mean. The problem is, GDPR contains words that have both a legal meaning and a different semantic meaning. Talking with consumers and clients, I realise that […]

GDPRubbish: seven common data protection myths debunked

I have been evangelising about GDPR for almost two years, professionally and personally. It’s a powerful piece of legislation designed to empower citizens of Europe and to deter the inappropriate information management practices of the past. It aims to rebalance a data subject’s control over information with the organisation’s need to maximise use and profit […]

Prepare for breach: 10 steps to better incident response planning

Developing an incident response plan – and testing various scenarios against it – is now a must. Let’s all remember the Central Bank of Ireland’s stark warning back in 2016. “Firms should assume they will be subject to a successful cyber-attack or business interruption.” Having a structured and formalised response plan ensures organisations can deal […]

Data Protection Implications of Brexit

Well, I guess this comes as no big surprise. In its “Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection”, the EU today declared that the United Kingdom post-Brexit will not meet the adequacy requirements with regard to the transfer of personal data from the EU […]