Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.
40 posts • joined 19 Jun 2009
Can it be hacked?
Update the FAQs and the help database, to give useless answers?
"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to help@GCHQ.com"
So they were responsible for securing the intranet, yes?
...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.
If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?
Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.
I've seen this before at a place I worked. Turned out the random number generator used to create the 'unique' session IDs wasn't random, and if a second user got the same ID before the caches had been cleared they could see the other person's details.
TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)
Re: do payment processors have an obligation to deal with talktalk?
Sadly, they've never done it yet, because it hurts their own profits. If Target didn't get their Visa / Mastercard licence withdrawn, no-one will.
Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.
Is it just me who thinks she needs a PR person telling her to shut up right now?
Research by the Ponemon Institute (2014 paper) says the opposite. That's the evidence opposing the HBR, and focused on UK industry too. They looked at actual breaches (and their costs) and have done for some years.
The last lot of research I saw (Ponemon Institute) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?
Hopefully not Experian though, eh?
A young Sauron was very pleased with his prototype Eye.
Shortly afterwards, Edward put a sign on the machine reading "Caution - do not look directly into machine with remaining eye".
Early adopters of Skype found the hardware requirements to be a bit more than they expected.
Their next annual review may well be beginning today, starting with a knock on the door from serious looking audit types with forensic investigators in tow. If Talk Talk didn't tell their acquirer / Visa / Mastercard they'd been breached right away, then a very dim view will be taken.
You won't believe this dad, but Teasmaid say that in 2015 coffee will pour itself!
Coffee in 2015
The VR goggles couldn't do anything for the taste of the coffee, but at least they made the barista look attractive.
Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...
As they removed the goggles and turned around, it became clear that technology really had reached the final front ear.
If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.
RM -R *
There they go. I *knew* dinosaurs had been a mistake.
"You are in a featureless desert. Choose a direction N S E W"
"You have been captured by pagans. Press Y to try again to successfully get your 12 tribes to the Promised Land"
That's an interesting one. Why did he do that? Was it a result of work pressure and he needed to do stuff at home, was it a way of getting a customer list for a private enterprise he wanted to set up, or something else? If the former was it sanctioned by Morgan Stanley, or at least common working practice?
Motive makes a difference. He may well have taken the data with the best intent, or he may have had nefarious purposes in mind. Ultimately though, it seems the data went public because his security was about the same level as Morgan Stanley's, only he's the one left holding the can when the breach occurred.
As well as buttons being pressed while in the evidence bag, was it put in there switched on or not? And if it was in there switched on, how long was it there for and did it need charging before the buttons were accidentally pressed?
"It's a bug not a data breach"
Good luck getting that accepted by the ICO.
The Company hadn't read the contract properly before allowing Crapita to install the new web based system.
What, and dent their profits?
They won't remove a retailer's ability to take card payments while they can continue to make money from those payments, and while they don't stand any losses which do occur - the latter point is the whole reason for PCI, after all.
When did they notify Visa etc / their acquirer, as required under PCI rules?
Re: Where are they shopping
Amazon doesn't require a CVV.
Re: Only 10 years too late....
PCI 1.0 came in in December 2004, and has always stated that it applies when card data is stored, processed or transmitted.
Re: Plus net phone and broadband down here for us
It's fine just up the road in Mossley.
What berk bought this without testing it outside first?
What? contacting the DVLA for info regarding horse fouling? I'm not even sure what that is, but good luck tracing me through the DVLA - no horse I've owned had a number plate, although I bet the last lot had it on their 'to do' list.
Anyone else want to predict what will happen to the wheelchair, the first time a shotgun mounted on it is fired?
Re : David Barrett
"There are a few people above commenting that ...the Decent HBOS systems are being dumped in favour of the ancient LTSB ones... I don't think (from looking at the site) that this is correct."
The few remaining people working in Halifax would tell you otherwise - HBOS kit is being dumped in favour of replacement by Lloyds. Timescale is also ridiculously short (about 2 years, last I heard).
you could see it coming
Lloyds are trying to integrate all the HBOS systems at the moment. They've taken the decision to more or less ditch the more modern HBOS systems and integrate all their functions into the ancient Lloyds systems, with inevitable comedy results.
Next version of the LHC?
LHC9000, Doom fans?
Is it just me
Who is sat here giggling at the mental image of "... the earphones transmitted the electrical current into his head."?