I'll assume from their comment that they're also still not PCI compliant yet, either, and further, more considerable, funds may be leaving their organisation in future.
While they may not know that this applies to them, one would expect that they had something in place to review legislation and determine whether they are or are not in scope of it, on a regular basis.
I think that leaves two possibilities:
1) They are incompetent, and genuinely have no idea what regulations apply to them
2) They know which regulations apply to them, but wilfully ignore them.
Which is it?
Re: Yay for lobbyists
That would seem to contradict the requirements of GDPR, which requires that marketing opt-ins are made by a positive action by the user - in other words, you have to actively agree to opting in and a passive system isn't acceptable.
GDPR to the rescue
Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.
Re: Any hope of crowd sourcing a Pence for president "solution"?
You didn't notice that the guy who shot Reagan was paroled a month or two back, then? Probably been on a CIA range ever since ...
Apple will have specified the performance parameters when they went to the suppliers. If they did, and the products are within those, then there's no problem. If they didn't, or they aren't, then there's a problem. I can't see Apple making such elementary mistakes, but stranger things have happened.
As of two weeks ago
nothing has changed.
Failed to collect direct debit
threatened to cut off service as a result of not collecting payment
agreed not to cut off service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off
cut off service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off and DD was now set up correctly
"Good afternoon, Telephone Preference Service, how can I help you?"
Re: Seems simple to me
Fancy it, no. Nor would I have the right to whinge about it if that's the published consequence of the activity.
Seems simple to me
If you break into / illegally access a server or system, then you're prosecuted in the place that the server or system resides.
To put it another way, if I co-ordinated a bank robbery in another country, where would I be tried? I'm fairly sure it wouldn't usually be in Britain.
We'll put in place exactly the same regulation, only we'll call it the 'Great British Data Protection Regulation' so the Brexit crowd think they've taken back control.
Re: This should be one of the easiest taxes to collect ...
ANPR camera at every petrol station. No current record, no petrol (and maybe the drive-off barriers come up for good measure).
Jane More O'Ferrall? More Overall? That can't be a real name, surely?
Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say 'British Data Protection Regulation' instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to do the same in all but name, allowing for fairly minor amendments acceptable to the EU.
The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be enforced before we've managed to exit the EU.
Re: Why don't we have a register of all criminals?
MPs won't pass legislation for an open list they will appear on.
It's only half a million quid right now, but the replacement for the DPA (the EU General Data Privacy Regulation) allows for 4% of global turnover or 20 million Euros, whichever is higher. It might actually result in companies taking their data security a bit more seriously in future.
Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.
Can it be hacked?
Update the FAQs and the help database, to give useless answers?
"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to help@GCHQ.com
So they were responsible for securing the intranet, yes?
...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.
If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?
Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.
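An added example (not part of the original thread or the article it discusses) showing why "remove the middle six" and "keep only the first six and last four" are not the same rule. PCI DSS truncation permits at most the first six and last four digits to be retained, whatever the PAN length, so stripping six digits from the middle of an 18-digit PAN still leaves 12 exposed. The two PANs below are constructed test numbers, not real cards.

```python
import re

# Constructed test PANs (both pass the Luhn check; neither is a real card).
PAN16 = "4111111111111111"    # 16-digit test PAN
PAN18 = "411111111111111118"  # 18-digit PAN built for this example


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """PCI-style truncation: keep the first six and last four, mask the rest."""
    if not re.fullmatch(r"\d{13,19}", pan) or not luhn_valid(pan):
        raise ValueError("not a well-formed PAN")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def remove_middle_six(pan: str) -> str:
    """The approach reported in the article: blank out six digits from the middle."""
    start = (len(pan) - 6) // 2
    return pan[:start] + "X" * 6 + pan[start + 6:]


def digits_exposed(masked: str) -> int:
    """How many real digits survive in a masked PAN."""
    return sum(ch.isdigit() for ch in masked)


def within_pci_truncation_limit(masked: str, pan: str) -> bool:
    """True only if every exposed digit sits in the first six or last four positions."""
    if len(masked) != len(pan):
        return False
    for i, ch in enumerate(masked):
        if ch.isdigit() and not (i < 6 or i >= len(pan) - 4):
            return False
    return True


if __name__ == "__main__":
    for pan in (PAN16, PAN18):
        print(len(pan), "digits:")
        print("  first6/last4 :", truncate_pan(pan),
              "exposed =", digits_exposed(truncate_pan(pan)))
        print("  middle-six   :", remove_middle_six(pan),
              "exposed =", digits_exposed(remove_middle_six(pan)),
              "compliant =", within_pci_truncation_limit(remove_middle_six(pan), pan))
```

Run it and the 18-digit case shows 12 digits left by the middle-six approach against 10 by proper truncation; the 16-digit case leaves 10 either way but exposes the wrong positions, which is why the position check matters as much as the count.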
I've seen this before at a place I worked. Turned out the random number generator used to create the 'unique' session IDs wasn't random, and if a second user got the same ID before the caches had been cleared they could see the other person's details.
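An added example, not code from the poster's employer, reproducing the failure mode described above. The actual generator in that story is not given; the weak one here is an assumption (a PRNG seeded from the wall-clock second, so two logins in the same second get the same ID) chosen to make the collision reproducible. The session store keeps the first user's record for a given ID, so the second user is shown the first user's details. `secrets.token_hex` is the fix.

```python
import random
import secrets
import time


def weak_session_id(clock=time.time) -> str:
    """Assumed flaw: PRNG seeded from the current whole second.
    Every call within the same second returns the same 'unique' ID."""
    rng = random.Random(int(clock()))
    return "%016x" % rng.getrandbits(64)


def strong_session_id() -> str:
    """128 bits from the OS CSPRNG; collisions are not a practical concern."""
    return secrets.token_hex(16)


class SessionStore:
    """Minimal session table that reproduces the bug: an ID that already
    exists is silently left pointing at the first user who received it."""

    def __init__(self, id_source):
        self.id_source = id_source
        self.sessions = {}

    def login(self, user: str) -> str:
        sid = self.id_source()
        self.sessions.setdefault(sid, user)   # does not overwrite an existing ID
        return sid

    def whoami(self, sid: str):
        return self.sessions.get(sid)


def second_user_sees(id_source) -> str:
    """Log in 'alice' then 'bob' and report whose record bob's cookie resolves to."""
    store = SessionStore(id_source)
    store.login("alice")
    bob_sid = store.login("bob")
    return store.whoami(bob_sid)


def count_collisions(id_source, n: int) -> int:
    """Number of duplicate IDs produced by n consecutive calls."""
    ids = [id_source() for _ in range(n)]
    return n - len(set(ids))


if __name__ == "__main__":
    frozen_clock = lambda: 1_700_000_000          # two logins in the same second
    weak = lambda: weak_session_id(frozen_clock)
    print("weak   : bob's session resolves to", second_user_sees(weak),
          "; collisions in 100 IDs =", count_collisions(weak, 100))
    print("strong : bob's session resolves to", second_user_sees(strong_session_id),
          "; collisions in 100 IDs =", count_collisions(strong_session_id, 100))
```

The weak generator hands every login in the same second the same ID, so the second login silently lands on the first user's session; swapping the ID source for the CSPRNG-backed one removes the collision without touching the store logic.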
TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)
Re: do payment processors have an obligation to deal with talktalk?
Sadly, they've never done it yet, because it hurts their own profits. If Target didn't get their Visa / Mastercard licence withdrawn, no-one will.
Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.
Is it just me who thinks she needs a PR person telling her to shut up right now?
Research by the Ponemon Institute (2014 paper) says the opposite. That's the evidence opposing the HBR, and focused on UK industry too. They looked at actual breaches (and their costs) and have done for some years.
The last lot of research I saw (Ponemon Institute) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?
Hopefully not Experian though, eh?
A young Sauron was very pleased with his prototype Eye.
Shortly afterwards, Edward put a sign on the machine reading "Caution - do not look directly into machine with remaining eye".
Early adopters of Skype found the hardware requirements to be a bit more than they expected.
Their next annual review may well be beginning today, starting with a knock on the door from serious-looking audit types with forensic investigators in tow. If Talk Talk didn't tell their acquirer / Visa / Mastercard they'd been breached right away, then a very dim view will be taken.
You won't believe this dad, but Teasmaid say that in 2015 coffee will pour itself!
Coffee in 2015
The VR goggles couldn't do anything for the taste of the coffee, but at least they made the barista look attractive.
Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...
As they removed the goggles and turned around, it became clear that technology really had reached the final front ear.
If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.
RM -R *
There they go. I *knew* dinosaurs had been a mistake.
"You are in a featureless desert. Choose a direction N S E W"
"You have been captured by pagans. Press Y to try again to successfully get your 12 tribes to the Promised Land"
That's an interesting one. Why did he do that? Was it a result of work pressure and he needed to do stuff at home, was it a way of getting a customer list for a private enterprise he wanted to set up, or something else? If the former was it sanctioned by Morgan Stanley, or at least common working practice?
Motive makes a difference. He may well have taken the data with the best intent, or he may have had nefarious purposes in mind. Ultimately though, it seems the data went public because his security was about the same level as Morgan Stanley's, only he's the one left holding the can when the breach occurred.
As well as buttons being pressed while in the evidence bag, was it put in there switched on or not? And if it was in there switched on, how long was it there for and did it need charging before the buttons were accidentally pressed?
"It's a bug not a data breach"
Good luck getting that accepted by the ICO.
The Company hadn't read the contract properly before allowing Crapita to install the new web based system.
What, and dent their profits?
They won't remove a retailers ability to take card payments while they can continue to make money from those payments, and while they don't stand any losses which do occur - the latter point is the whole reason for PCI, after all.
When did they notify Visa etc / their acquirer, as required under PCI rules?
Re: Where are they shopping
Amazon doesn't require a CVV.
Re: Only 10 years to late....
PCI 1.0 came in in December 2004, and has always stated that it applies when card data is stored, processed or transmitted.
Re: Plus net phone and broadband down here for us
It's fine just up the road in Mossley.
What berk bought this without testing it outside first?