There's another Article which says you can't make a service or product conditional on signing up to Marketing, and it reads like that's exactly what they're proposing to do. So they're still wrong.
66 posts • joined 19 Jun 2009
Re: I'm wondering about non-working days..
GDPR wants the notification to the ICO within 72 hours, not three working days. I can't see this being different.
Re: I'm Guessing Russian Hackers
SKY were one of the 4000 viewers on his stream.
Re: Haa Haa Haa
No. GDPR comes in by May, reducing the response time to 30 days. Gov has already said we will align with GDPR, even if it means bringing in an equivalent bill. So if anything, the DoJ will be even more fucked by October unless it's got its processes sorted out.
Capita security called into question as pen tester steals flag from under noses of staff.
Re: About time fines were set as percentage of annual turnover
May next year. GDPR. 4% of turnover, or 20m euros, whichever is higher.
It's an old password, but it checks out.
Re: Cheap labour
Unfortunately the ICO can only fine them £500k, and as the card details seem to be in line with PCI that alternative is out too.
Now if this had come a year later when GDPR is in effect and the maximum fine ramps up to the greater of £20m or 4% of turnover, it may have been different...
Assuming that the purpose of sharing the data is one which requires consent, and not an exemption such as for the purposes of national security or crime prevention. Or that it isn't already covered on another basis, such as being required for the fulfilment of a service contract.
I'll assume from their comment that they're also still not PCI compliant yet, either, and further, more considerable, funds may be leaving their organisation in future.
While they may not know that this applies to them, one would expect that they had something in place to review legislation and determine whether they are or are not in scope of it, on a regular basis.
I think that leaves two possibilities:
1) They are incompetent, and genuinely have no idea what regulations apply to them
2) They know which regulations apply to them, but wilfully ignore them.
Which is it?
Re: Yay for lobbyists
That would seem to contradict the requirements of GDPR, which requires that marketing opt-ins are made by a positive action by the user - in other words, you have to actively agree to opting in and a passive system isn't acceptable.
GDPR to the rescue
Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.
Re: Any hope of crowd sourcing a Pence for president "solution"?
You didn't notice that the guy who shot Reagan was paroled a month or two back, then? Probably been on a CIA range ever since ...
Apple will have specified the performance parameters when they went to the suppliers. If they did, and the products are within those, then there's no problem. If they didn't, or they aren't, then there's a problem. I can't see Apple making such elementary mistakes, but stranger things have happened.
As of two weeks ago
nothing has changed.
Failed to collect direct debit
threatened to cut off service as a result of not collecting payment
agreed not to cut off service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off
cut off service
sent text saying service would be cut off unless payment received
confirmed service wouldn't be cut off and DD was now set up correctly
"Good afternoon, Telephone Preference Service, how can I help you?"
Re: Seems simple to me
Fancy it, no. Nor would I have the right to whinge about it if that's the published consequence of the activity.
Seems simple to me
If you break into / illegally access a server or system, then you're prosecuted in the place that the server or system resides.
To put it another way, if I co-ordinated a bank robbery in another country, where would I be tried? I'm fairly sure it wouldn't usually be in Britain.
We'll put in place exactly the same regulation, only we'll call it the 'Great British Data Protection Regulation' so the Brexit crowd think they've taken back control.
Re: This should be one of the easiest taxes to collect ...
ANPR camera at every petrol station. No current record, no petrol (and maybe the drive-off barriers come up for good measure).
Jane More O'Ferrall? More Overall? That can't be a real name, surely?
Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say 'British Data Protection Regulation' instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to have the same in all but name, allowing for fairly minor amendments acceptable to the EU.
The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be being enforced before we've managed to exit the EU.
Re: Why don't we have a register of all criminals?
MPs won't pass legislation for an open list they will appear on.
It's only half a million quid right now, but the replacement for the DPA (the EU General Data Privacy Regulation) allows for 4% of global turnover or 20 million Euros, whichever is higher. It might actually result in companies taking their data security a bit more seriously in future.
Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.
Can it be hacked?
Update the FAQs and the help database, to give useless answers?
"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to help@GCHQ.com"
So they were responsible for securing the intranet, yes?
...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.
If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?
Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.
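To make the two posts above concrete, here is an added example (not from the thread) that compares "remove the middle six digits" with PCI DSS truncation, which allows at most the first six and last four digits to remain visible, across PANs of different lengths. The PANs are constructed Luhn-valid test values, not real cards, and the helper names are my own.

```python
"""Added example, not from the thread: "remove the middle six" versus
PCI DSS truncation (first six and last four digits at most) on PANs of
16, 18 and 19 digits. All PANs here are constructed test values."""


def luhn_sum(digits: str) -> int:
    """Luhn weighted sum (ISO/IEC 7812): double every second digit from
    the right, subtract 9 from any doubled value above 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total


def luhn_ok(pan: str) -> bool:
    """True if the PAN passes the Luhn check."""
    return pan.isdigit() and luhn_sum(pan) % 10 == 0


def with_check_digit(partial: str) -> str:
    """Append the Luhn check digit, so we can build valid test PANs of
    arbitrary length (needed for the 18 and 19 digit cases)."""
    return partial + str((10 - luhn_sum(partial + "0") % 10) % 10)


def truncate_pci(pan: str) -> str:
    """PCI DSS truncation: keep the first six and last four, mask the rest."""
    if len(pan) < 10:
        raise ValueError("PAN too short to truncate")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def remove_middle_six(pan: str) -> str:
    """The scheme as reported: six digits dropped from the middle, all
    other digits kept. Deliberately NOT PCI truncation."""
    if len(pan) < 6:
        raise ValueError("PAN too short")
    start = (len(pan) - 6) // 2
    return pan[:start] + "*" * 6 + pan[start + 6:]


def digits_exposed(masked: str) -> int:
    """How many PAN digits a stored value still reveals."""
    return sum(c.isdigit() for c in masked)


def is_pci_truncated(masked: str) -> bool:
    """Check a stored value: digits may appear only in the first six and
    last four positions. Useful as a scan over a database export."""
    return len(masked) >= 10 and not any(c.isdigit() for c in masked[6:-4])


# Constructed test PANs (16, 18 and 19 digits).
PAN16 = "4111111111111111"                      # well-known test number
PAN18 = with_check_digit("40000000000000000")   # 17 digits + check digit
PAN19 = with_check_digit("400000000000000000")  # 18 digits + check digit


def compare(pan: str) -> dict:
    """Return exposure and compliance for both schemes on one PAN."""
    mid = remove_middle_six(pan)
    pci = truncate_pci(pan)
    return {
        "length": len(pan),
        "middle_six_exposed": digits_exposed(mid),
        "middle_six_compliant": is_pci_truncated(mid),
        "pci_exposed": digits_exposed(pci),
        "pci_compliant": is_pci_truncated(pci),
    }


if __name__ == "__main__":
    for pan in (PAN16, PAN18, PAN19):
        print(compare(pan))
```

Even for a 16-digit PAN the "middle six" version fails the check, because it keeps five leading and five trailing digits rather than six and four; for 18 and 19 digit PANs it leaves 12 or 13 digits in the clear.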
I've seen this before at a place I worked. Turned out the random number generator used to create the 'unique' session IDs wasn't random, and if a second user got the same ID before the caches had been cleared they could see the other person's details.
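The failure mode in that post, as an added example that is not the poster's code or from the original system: a session ID generator built on a non-cryptographic RNG seeded with a low-entropy value (here, the login time in whole seconds) next to one that uses the OS CSPRNG, with a minimal session table showing that the second login with a colliding ID silently takes over the first user's session. The store, function names and the seed value are assumptions for illustration.

```python
"""Added example, not from the thread: why a predictable session ID
generator lets one user land in another user's session."""
from __future__ import annotations

import random
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


def weak_session_id(seed: int) -> str:
    """Deliberately insecure: Python's Mersenne Twister seeded with a
    low-entropy value such as the login time in whole seconds. Two
    logins in the same second get the same 'unique' ID."""
    rng = random.Random(seed)
    return f"{rng.getrandbits(64):016x}"


def strong_session_id() -> str:
    """256 bits from the OS CSPRNG (secrets module); collisions are not
    a practical concern and the value cannot be predicted from time."""
    return secrets.token_urlsafe(32)


class SessionStore:
    """Minimal server-side session table keyed by session ID."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, user: str, sid: str) -> str:
        # Mirrors the bug described in the post: a live ID is simply
        # overwritten, so the earlier user's cookie now resolves to the
        # later user's account. A hardened store would at minimum refuse
        # a live ID, but the real fix is an unpredictable generator.
        self._sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)


def two_logins(id_for_user: Callable[[str], str]) -> Tuple[Optional[str], Optional[str]]:
    """Log alice in, then bob; return whose account each user's cookie
    now resolves to."""
    store = SessionStore()
    alice_cookie = store.login("alice", id_for_user("alice"))
    bob_cookie = store.login("bob", id_for_user("bob"))
    return store.whoami(alice_cookie), store.whoami(bob_cookie)


def weak_demo(login_second: int = 1_700_000_000) -> Tuple[Optional[str], Optional[str]]:
    """Both users log in within the same second (assumed seed value)."""
    return two_logins(lambda _user: weak_session_id(login_second))


def strong_demo() -> Tuple[Optional[str], Optional[str]]:
    return two_logins(lambda _user: strong_session_id())


if __name__ == "__main__":
    print("weak:  ", weak_demo(int(time.time())))
    print("strong:", strong_demo())
```

With the weak generator alice's cookie now returns bob's account, which is exactly the "second user sees the other person's details" symptom; with the CSPRNG each cookie maps to its own user.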
TalkTalk plays 'no legal obligation' card on encryption – fails to think of the children (read: its customers)
Re: do payment processors have an obligation to deal with talktalk?
Sadly, they've never done it yet, because it hurts their own profits. If Target didn't get their Visa / Mastercard licence withdrawn, no-one will.
Lol. Selling data on the dark web isn't as profitable as it used to be? That's only if you look at it on a price per unit basis, because the market is flooded with details stolen from companies like TT. Overall it's still very profitable.
Is it just me who thinks she needs a PR person telling her to shut up right now?
Research by the Ponemon Institute (2014 paper) says the opposite. That's the evidence opposing the HBR, and focused on UK industry too. They looked at actual breaches (and their costs) and have done for some years.
The last lot of research I saw (Ponemon Institute) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?
Hopefully not Experian though, eh?
A young Sauron was very pleased with his prototype Eye.
Shortly afterwards, Edward put a sign on the machine reading "Caution - do not look directly into machine with remaining eye".
Early adopters of Skype found the hardware requirements to be a bit more than they expected.
Their next annual review may well be beginning today, starting with a knock on the door from serious looking audit types with forensic investigators in tow. If Talk Talk didn't tell their acquirer / Visa / Mastercard they'd been breached right away, then a very dim view will be taken.
You won't believe this dad, but Teasmaid say that in 2015 coffee will pour itself!
Coffee in 2015
The VR goggles couldn't do anything for the taste of the coffee, but at least they made the barista look attractive.
Excellent. You've fixed the HTTPS issue, now can you publish your PCI Attestation Of Compliance please? I'm sure you have one, being a merchant taking a large number of card transactions ...
As they removed the goggles and turned around, it became clear that technology really had reached the final front ear.
If they'd done this years ago, we wouldn't now have the mess that is PCI-DSS. But because America can't secure its data properly, the whole world has to suffer.
RM -R *
There they go. I *knew* dinosaurs had been a mistake.
"You are in a featureless desert. Choose a direction N S E W"
"You have been captured by pagans. Press Y to try again to successfully get your 12 tribes to the Promised Land"
That's an interesting one. Why did he do that? Was it a result of work pressure and he needed to do stuff at home, was it a way of getting a customer list for a private enterprise he wanted to set up, or something else? If the former was it sanctioned by Morgan Stanley, or at least common working practice?
Motive makes a difference. He may well have taken the data with the best intent, or he may have had nefarious purposes in mind. Ultimately though, it seems the data went public because his security was about the same level as Morgan Stanley's, only he's the one left holding the can when the breach occurred.