Harvey Norman, the retail giant with 13 stores in the Republic and a further two stores in Northern Ireland, has admitted to customers that it suffered a data breach through a third-party tool used on its website. “We wish to alert you to a data breach that has occurred in the systems of a third-party website service provider, Typeform, which has resulted in the unauthorised access to some Harvey Norman data,” the company said earlier this week in a statement.
The flow of data between the United States and the EU may be at risk as tensions are rising around Privacy Shield. If you haven’t been living under a rock for the last two years, you will likely have heard of the GDPR – the EU data protection regulation that now fiercely protects EU citizen data, whether in the hands of a non-EU or EU-based organisation. You may have wondered, then, how companies in places like the US are still able to legally hold and process EU data without falling foul of the GDPR, and the answer is Privacy Shield. Privacy Shield is a framework that allows companies on both sides of the Atlantic to transfer data while complying with the GDPR. However, this may all soon change, with Members of the European Parliament calling for Privacy Shield to be brought up to scratch or invalidated.
Privacy Shield’s predecessor, Safe Harbour, was already invalidated in 2016 after it was ruled to be inadequate by the EU
In one of the last data breach fines to be handed down in a pre-GDPR Europe, the University of Greenwich has been ordered to pay a £120,000 fine to the Information Commissioner’s Office. The breach in question stemmed from a micro-website set up by students in 2004, and ultimately resulted in the details of 20,000 staff members and students being leaked online.
The University of Greenwich, in London, has accepted that it was responsible for the incident, and intends to pay the fine immediately.
Almost two years ago, the European Union signed the General Data Protection Regulation (better known as the GDPR) into law, allowing for a 24 month period before the regulation would become binding to allow organisations and businesses time to comply with its requirements. At the time of writing, the GDPR will come into force in just eight days, a thought which may strike fear into the hearts of many business owners who are not going to be fully compliant by the deadline. So what exactly is going to happen, come Friday the 25th of May? We’ve taken the time to compile some information and predictions to help cut through the noise and focus on what’s important.
The GDPR, which replaces the 1995 Data Protection Directive, was adopted on 14th April 2016 and will become enforceable on 25th May 2018.
Trend Micro, one of the largest cyber security firms in the world, has released their annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques in order to increase their financial gains, moving away from exploit kits which can be an unpredictable earner, to more reliable tactics such as business email compromise, phishing and spam, ransomware, and the relatively new threat to businesses, malicious crypto-currency mining.