Regulatory compliance and standard requirements

Lauri Love battles police for return of computers as NCA confirms live investigation

The National Crime Agency (NCA) confirms there is a live investigation into Lauri Love in the UK, as Love brings legal action against UK police for the return of seized computer equipment Continue Reading

ICO and government help UK businesses prepare for no-deal Brexit

The Information Commissioner’s Office (ICO) and the government are providing guidance for UK businesses, particularly SMEs, on how to prepare for a possible no-deal Brexit Continue Reading

UK trade sector risks GDPR fines over poor data disposal

UK businesses in the trade sector are risking GDPR fines for failing to wipe data from old IT equipment, a survey shows Continue Reading

Large disparity in NHS cyber skills and training spend

Despite government pledges to up cyber security spending across the NHS, there are still huge disparities in cyber security skills and spending on cyber security training, FoI requests reveal Continue Reading

Brexit implications for data protection

Leaving the European Union will have serious implications for data protection in the UK unless adequate steps are taken, so businesses are advised to have contingency plans in place Continue Reading

UK consumers threaten data breach backlash

Most UK and global consumers are willing to walk away from businesses that fail to look after personal data, with retailers most at risk, research shows Continue Reading

Liberty heads for judicial review over Investigatory Powers Act

The UK's powers to conduct supsicionless bulk surveillance on individuals and organisations face a legal challenge in the high court next year Continue Reading

UK government commits to opening up data in bid to push adoption of AI

Opening up data is vital to government plans to push adoption of artificial intelligence across all sectors of the UK economy Continue Reading

Marriott data breach highlights basic failings

A breach of a guest reservation database of the Starwood division of the Marriott International hotel group highlights basic personal data protection failures Continue Reading

UK cyber security strategy making ‘good progress’

The National Cyber Security Strategy is making good progress, but there is much left to be done, according to a Cabinet Office official Continue Reading

Cyber resilience lacking due to apathy of UK leaders

An unwillingness to accept that cyber is a real threat to critical national infrastructure by UK political and business leaders has resulted in a lack of resilience, says security industry veteran Continue Reading

CIO interview: Stephen Docherty on NHS data sharing

The Cambridge Analytica scandal raised awareness about privacy. Stephen Docherty, CIO of South London and Maudsley NHS Trust, explains why Continue Reading

Businesses failing to win consumer trust

Businesses are still largely failing to win the trust of consumers to keep their personal data safe as data breaches continue to make headlines Continue Reading

ICO fines Uber £385,000 for data protection failings

Like Facebook, Uber has escaped a potentially much higher fine for data protection failings because the 2016 breach that affected millions of UK customers is not covered by the GDPR Continue Reading

GDPR is encouraging UK IT directors to pay cyber ransoms

As predicted ahead of the General Data Protection Regulation enforcement deadline, research shows that fear of fines under the new laws is making some firms more likely to pay cyber ransoms Continue Reading

Unprecedented actions by Commons committee augur badly for Facebook

House of Commons’ serjeant-at-arms effectively arrested the CEO of a US software company and frogmarched him to Parliament, where he was told he would be imprisoned if he failed to hand over papers on Facebook Continue Reading

ICO finds Metropolitan Police's Gangs Matrix seriously breaches data protection laws

A year-long ICO investigation has highlighted major problems with how the Metropolitan Police handles and shares the personal data of individuals on its Gangs Matrix Continue Reading

Dutch audit finds Microsoft Office leaks confidential data

The diagnostics Microsoft Office collects from users should be a source of concern for any government CISO, according to a DPIA audit Continue Reading

Police challenged over refusal to disclose files on WikiLeaks staff

Lawyers will challenge the Metropolitan Police Service today to confirm or deny whether it holds correspondence with US law enforcement about three WikiLeaks staff – including two UK citizens – in a freedom of information tribunal Continue Reading

Government lacks cyber resilience leadership, according to MPs

The government lacks political leadership and urgency in dealing with cyber threats, according to Joint Committee on National Security Strategy, calling for a minister in charge of delivering cyber resilience Continue Reading

Credit card fraud in ANZ showing no signs of abating

The value of fraudulent transactions more than doubled that of legitimate purchases during the third quarter this year Continue Reading

Three factors marginalising the CISO role

Chief information security officers are typically marginalised due to three factors, and de-coupling the technical and managerial aspects of the job will enable empowerment, says consultant Continue Reading

Many firms still stuck in GDPR prep phase six months after its initiation

Six months after the GDPR compliance deadline, many companies are struggling to make data protection principles part of everyday business, says PwC’s GDPR and data protection lead Continue Reading

Why is hiring a government chief security officer such a tricky business?

Security bosses and CIOs weigh in on why they think the government is struggling to recruit a chief security officer Continue Reading

Global IoT security standard remains elusive

Despite the lack of a global internet of things security standard, existing security frameworks are on the same page in areas such as device upgradability and data stewardship. Continue Reading

Members of Parliament should back EU Withdrawal Agreement, says industry

Industry experts say the government’s EU Withdrawal Agreement is far from perfect and still requires more clarity, but call on MPs to back it, as it’s better than a No-Deal Brexit Continue Reading

DeepMind won’t share patient data with Google ‘at this stage’, says company’s health boss

Amid concerns and questions around Google’s takeover of the DeepMind’s Streams app, Dominic King, the company’s health lead, promises that ‘at this stage’, nothing will change, and it won’t share any patient data with the internet giant Continue Reading

It’s complicated: How enterprises are approaching IAM challenges

Identity and access management challenges are evolving with digital transformation. Computer Weekly explores some of the ways organisations are ensuring the right people gain the right access to the right resources Continue Reading

Thailand’s Democrat Party holds election with blockchain

The Zcoin blockchain was used to store file hashes of voting data and identities of voting members of Thailand’s main opposition party Continue Reading

EU regulation set to advance single market for non-personal data

The European Union Council and Parliament have approved a regulation, to take effect in six months’ time, to ensure the free movement of non-personal data, such as IoT data, across the bloc Continue Reading

GDPR a challenge to AI black boxes

Most artificial intelligence “black boxes” do not comply with EU data protection laws and will have to be re-engineered, warns security researcher and consultant Continue Reading

Increasing value of personal data a 21st century challenge

The increasing value of personal data presents the challenge of managing a personal data economy, says identity and security expert Continue Reading

Cyber security high on European Commission agenda

The European Commission is recognising the growing importance of cyber security to the digital economy and is increasing funding to support research, resilience and cooperation Continue Reading

Making the UK the safest place to live and work online

Government, industry and individuals all have to play their part in enhancing cyber security practices Continue Reading

Banking sector leading CIAM innovation, say Big Four

Maturity in consumer identity and access management (CIAM) differs from sector to sector, with the banking sector taking the lead in terms of innovation, according to the Big Four accounting firms Continue Reading

DevSecOps not limited to coding, says analyst

DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole Continue Reading

Facebook to appeal EU-US data transfer ruling in Irish Supreme Court

Facebook will appeal a decision by the Irish High Court to refer questions over the legality of EU-US data transfers to the European Court of Justice in January, as the Dublin court rejects attempt by a UK IT expert to join the case Continue Reading

Radisson hotel group could be GDPR test case

Privacy watchers say the breach of personal data of members of the Radisson Hotel Group’s loyalty scheme could be an interesting test case for how the GDPR will be applied Continue Reading

Key elements to success in consumer identity management

Success in consumer identity management is not just about getting the technology right, it is also about keeping in mind the consumer needs, preferences and concerns, says KuppingerCole Continue Reading

GDPR driving data protection maturity

The EU data protection laws are helping to drive data protection maturity internationally, but five months after enforcement many companies are still playing catch-up, says consultant Continue Reading

Australia’s data breaches are a ‘sign of naiveté’

McAfee executive attributes Australia’s poor cloud security record to the lack of data protection measures amid “new and confusing” cloud configurations Continue Reading

As data volumes grow, backup needs analytics, says StorageCraft CEO

Backup appliance maker’s CEO says backup needs analytics so customers can prioritise restore of critical data in a world where volumes increase by 50% a year Continue Reading

IoT ecosystem needs to be investigated, say experts

A conference of IoT experts convened by Enisa and Europol has made key recommendations to ensure security vulnerabilities do not overshadow benefits Continue Reading

Mitigating third-party cyber risks in a new regulatory environment

GDPR and the NIS Directive increase the focus on managing cyber security throughout the supply chain. Organisations need to check their suppliers are compliant Continue Reading

MEPs call for action in wake of Facebook-Cambridge Analytica scandal

European members of parliament demand action to protect citizens’ privacy from abuses such as those uncovered in the Facebook-Cambridge Analytica data sharing scandal Continue Reading

ICO issues maximum £500,000 fine to Facebook

The UK privacy watchdog has confirmed that Facebook has escaped a fine of more than $1bn under the GDPR, but will face the maximum under the DPA for failing to protect users’ personal information Continue Reading

Cathay Pacific under fire over breach affecting 9.4 million passengers

Hong Kong-based airline reveals massive data breach of the most sensitive personal data of passengers five months after loss was confirmed Continue Reading

Becrypt security platform helps ease cloud adoption

Becrypt’s secure operating system is driving a new service aimed at helping organisations reduce cost and increase agility in using cloud-based services and online applications Continue Reading

Morrisons loses appeal against data breach liability ruling

Supermarket chain has lost its appeal against a High Court ruling that found it liable for a data leak by a former employee, underlining the importance of managing insider threats Continue Reading

Learn lessons from attacks, says McAfee investigations chief

Organisations should use every cyber attack as an opportunity to learn, identify weaknesses and improve security posture, according to McAfee’s head of cyber investigations Continue Reading

NHS standards framework aims to set the bar for quality and efficiency

NHS Digital’s standards framework sets out renewed commitment to implement and use open standards across the NHS Continue Reading

Time to implement new cyber security protections, says McAfee CEO Chris Young

Convergence of threats and technologies and an increasingly complex regulatory environment are driving the need to implement new cyber security protections, says McAfee chief Continue Reading

UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC

The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading

Tech companies should not be under legal duty to remove terrorist material, says watchdog

The internet should not be a safe place for terrorists, but making it compulsory for technology companies to trawl for radical content risks interfering with the rights of innocent people, says Max Hill QC, the independent reviewer of terrorism legislation Continue Reading

Good data governance is good business

Organisations are failing to understand the importance of getting their data relationship with customers right and seeing the business opportunities that it enables, an industry analyst warns Continue Reading

Apple challenges Australia’s proposed decryption law

Tech giant Apple argued that the lack of judicial oversight could reduce customer trust and security, among other reservations over Australia’s draft decryption legislation Continue Reading

MEPs urge Facebook to roll out election fraud prevention measures

Facebook is coming under pressure from European lawmakers to do more to prevent its user data from being misappropriated during elections Continue Reading

Detail of Dutch reaction to Russian cyber attack made public deliberately

Four Russian intelligence officials were expelled from the Netherlands after an attempted hack on the global chemical weapons watchdog. The Dutch government has been open about the detail Continue Reading

Security Think Tank: Monitoring key to outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome? Continue Reading

High Court blocks Google iPhone privacy lawsuit

The UK High Court has thrown out a group action lawsuit against Google for tracking iPhone browsing data, but campaign group Google You Owe Us, which brought the litigation, will appeal the decision Continue Reading

ICO hits Heathrow Airport with £120,000 data breach fine over lost USB stick

Information Commissioner’s Office fines airport after a member of the public came across a USB stick containing sensitive personal information about airport staff Continue Reading

Customers need to be at the centre of GDPR plans

Responding to a breach is not just about data, it is about taking care of, and protecting, customers Continue Reading

GDPR case work swamps Denmark’s data protection agency

The agency investigating alleged breaches of GDPR in Denmark is recruiting additional resources to cope with the increase in work Continue Reading

Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading

Facebook could face up to $1.6bn fine for data breach

Facebook is under increased pressure to demonstrate that users’ personal data is protected as it faces a potential fine of more than a billion dollars for a data breach affecting millions of users Continue Reading

EU sees eIDAS regulation come into full force

A regulation aimed at cutting red tape to enable a digital single market in Europe will soon be in full force, but it could present some challenges to the UK after Brexit Continue Reading

Prepare now for quantum computers, QKD and post-quantum encryption

The predicted processing power of quantum computers is likely to make existing encryption algorithms obsolete. Quantum key distribution (QKD) is a possible solution - we investigate whether QKD is viable Continue Reading

ICO threatens fines for outstanding fees

The UK’s privacy watchdog has issued warning letters to organisations, including some NHS trusts and government organisations, for failing to pay a new data protection fee Continue Reading

Financial services firms face potential security bombshell

UK financial services are facing a security crisis over outdated services and applications, a survey shows Continue Reading

PCI DSS compliance falls despite security benefit

Despite the benefits of the payment card industry security standard, there is a concerning downward trend in compliance, a report reveals Continue Reading

Europol cyber crime report highlights emerging threats to enterprise security

Research highlights increase in sophistication of ransomware attacks, while revealing details of new and emerging threats to enterprises Continue Reading

Printing, document capture and compliance risk in the GDPR era

Printers, scanners and mobile devices that capture data from documents all store data in some way or other. How can you be sure to be compliant with GDPR with regard to that data? Continue Reading

No Deal Brexit may hinder free flow of personal data from EU to UK

The government’s No Deal Brexit planning document on data protection warns free flow of personal data from EU isn’t guaranteed, and organisations must take action to ensure they will still be able receive data from Europe Continue Reading

GCHQ mass surveillance regime was in breach of human rights law, European court rules

The European Court of Human Rights in Strasbourg has ruled that the UK’s collection of bulk interception of communications data lacked adequate oversight and safeguards and was in breach of human rights law Continue Reading

FCA warns it cannot manage financial crime risks without sharing data with EU

FCA admits it will be unable to manage financial crime effectively if it cannot share data with EU authorities. Continue Reading

British Airways data breach: Security researchers name suspects and query attack timeline

Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading

Cyber criminals outspend businesses in cyber security battle

Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading

BA praised for swift GDPR-aligned action on data breach

British Airways has been praised for its swift response to a customer data breach, which could be the first test case under the EU’s GDPR and new UK GDPR-aligned data protection laws Continue Reading

Majority of UK firms not insured for data breaches

Many UK firms are not insured against information security breaches and data loss, and would have to spend £1m on average to recover from a breach, a report reveals Continue Reading

Blockchain gains foothold in Australia

A number of blockchain projects are under way in Australia, but questions remain about whether the technology is wanted Continue Reading

Improving security is top driver for ISO 27001

Organisations are implementing the ISO 27001 standard in recognition of the fact that cyber attacks are increasingly inevitable and that it is best to be well-prepared to fend off attacks and mitigate their effect Continue Reading

Challenge to anti-GDPR immigration exemption in DPA to go ahead

Two human rights groups are challenging a controversial clause in new UK data protection legislation that they say is in conflict with the EU’s Charter of Fundamental Rights and undermines the General Data Protection Regulation Continue Reading

Australian government agency trials secure cloud service

The Digital Transformation Agency has become the first government agency in Australia to test the use of Microsoft Office 365 in a secure cloud environment Continue Reading

Nearly a third of organisations still not GDPR ready

As the UK and other states implement the EU’s GDPR, many organisations admit they are still not fully compliant, but most claim to be able to respond to data subject access requests Continue Reading

Better the data you know – how GDPR is affecting UK tech companies

As the dust settles from the General Data Protection Regulation, the implications for technology firms in the UK are becoming clearer Continue Reading

Superdrug denies data breach

Superdrug has warned online customers it believes may have had personal details exposed, but claims its systems were not compromised, in what could be the first GDPR-related extortion attempt Continue Reading

New Zealand to run national cyber security exercise

The island-nation will test the resilience of its critical infrastructure in November 2018, bringing together multiple agencies to protect assets of national significance Continue Reading

Malaysia’s financial sector warms up to cloud, but lacks security leadership

Almost two-thirds of Malaysia’s financial services firms are developing a cloud strategy, but not all have a security plan in place Continue Reading

Planned Australian law raises tech firms’ security concerns

A digital industry group representing some of the world’s largest tech firms is opposed to proposed Australian laws aimed at compelling them to help security agencies and police Continue Reading

Trump sparks speculation after repealing cyber attack restraints

The US president has sparked speculation about US policy on launching cyber attacks by repealing Obama-era restraints, underlining the need for international rules on cyber warfare Continue Reading

UK banks under pressure to improve downtime reporting under new FCA rules

To make it easier for customers to compare and switch between current account providers, UK banks are under pressure to improve their reporting processes for downtime and security incidents Continue Reading

ICO strengthens commitment to technology and innovation

Information Commissioner’s Office has demonstrated its commitment to technology and innovation by appointing a new executive director to focus on this area Continue Reading

UK firms concerned about cyber arms race

Continuous investment and activity are key in the cyber arms race, according to Databarracks, as research shows UK firms are worried about keeping up with security challenges Continue Reading

Over 146 billion records to be stolen over next five years

The US will bear the brunt of data exfiltration efforts by cyber criminals, though Asia-Pacific nations such as Singapore will not be spared Continue Reading

Butlin’s warns of potential personal data breach

Holiday camp chain blames cyber breach on a phishing attack, implying that attackers were able to steal user credentials to access customer data – and underlining the need for security awareness training Continue Reading

ICO fines Emma’s Diary £140,000

The UK’s privacy watchdog has fined a marketing company for illegally collecting and selling personal information for political campaigning Continue Reading

Australia calls for interventionist approach in new cyber agenda

The Australian government is forming a cyber defence network comprising security agencies and private sector partners to support a more interventionist approach towards cyber security Continue Reading

Starbucks to advise on development of bitcoin trading platform

Coffee giant Starbucks has joined a group of firms advising Intercontinental Exchange on the development of a digital assets platform Continue Reading

Security Think Tank: Outsource responsibility, not accountability

What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately? Continue Reading

Half of UK consumers to exercise GDPR rights within a year

More than half of UK consumers will exercise their General Data Protection Regulation rights within a year and almost two-thirds will retract or review data use because of the Facebook-Cambridge Analytica scandal, a study shows Continue Reading