Apr 01 2024

Securing privacy in the face of expanding data volumes

Category: Information Privacy | disc7 @ 8:59 am

One of the primary concerns regarding data privacy is the potential for breaches and unauthorized access. Whether it’s financial records, medical histories, or personal communications, individuals have a right to control who can access their data and for what purposes.

In this Help Net Security round-up, we present parts of previously recorded videos in which security experts discuss various aspects of data privacy and protection.

Complete videos

  • Stephen Cavey, Chief Evangelist at Ground Labs, talks about how businesses and job seekers are not only prioritizing data privacy but using it as a competitive advantage in this rivalrous landscape.
  • Dana Morris, SVP Product and Engineering at Virtru, talks about privacy-preserving cryptography.
  • Kris Lahiri, CSO at Egnyte, believes data privacy violations cast a long shadow and takes a closer look at the lasting consequences.
  • Karen Schuler, Global Privacy & Data Protection Chair at BDO, discusses overconfidence in data privacy and data protection practices.
  • Romain Deslorieux, Global Director, Strategic Partnerships at Thales, discusses what companies should be planning based on current regulations and what steps they can take to prepare for the future.

Latest Titles on Data Privacy


Tags: data privacy


Aug 17 2023

Data Privacy Solutions

Category: Information Privacy, Security and privacy Law | disc7 @ 10:09 am

Your data is an asset. Safeguarding it will help you comply with data protection laws and allow your business to thrive.

A global leader in privacy guidance, audits, tools, training and software

IT Governance is a market leader in data privacy and cyber security solutions. Their broad suite of offerings is one of the most comprehensive in the world.

ITG's affordable solutions have assisted numerous individuals and organizations in understanding the tangible aspects of data privacy. With substantial legal and technical proficiency, coupled with a 15-year history in cybersecurity risk management, ITG customers have complete confidence in entrusting ITG with their needs.

Speed up your compliance initiatives for GDPR, CPRA and other regulations, and for ISO 27701, by using ITG's collection of top-performing Tools, Templates and eBooks.

Templates and Tools

Training and staff awareness

Books

Check out our ISO 27701 related posts to assess and build your PMS

Check out our previous posts on CPRA

Check out our previous posts on GDPR


Tags: CCPA, CPRA, data privacy, Data Privacy Solutions, gdpr, ISO 27701


May 29 2023

WANT TO OWN A TESLA OR ALREADY OWN ONE, CHECK THIS MASSIVE CONFIDENTIAL DATA BREACH OF TESLA

Category: Data Breach | DISC @ 10:43 am

The research that was published in the German daily Handelsblatt said that customers of Tesla Inc. lodged over 2,400 complaints about difficulties with self-acceleration and 1,500 complaints regarding issues with brakes between the years of 2015 and March 2022.

According to reports, a big data dump that was based on a whistleblower’s breach of internal Tesla papers suggests that problems with Tesla’s autonomous driving system may be considerably more frequent than authorities and the media have suggested. This was discovered after the whistleblower gained unauthorized access to internal Tesla documents.

According to information that was taken from Tesla’s information technology (IT) system, complaints against these Full Self Driving (FSD) capabilities originated from all over the globe, including the United States of America, Europe, and Asia.

Particularly, in an article titled “My autopilot almost killed me,” Handelsblatt reported receiving 100 terabytes of data and 23,000 files. Within those files were 3,000 entries highlighting consumers’ safety concerns and tales of more than 1,000 crashes.

The publisher included a note stating that the data includes the phone numbers of customers.

According to the hundreds of clients that Handelsblatt is claimed to have contacted, the fears were quite serious.

According to one man from Michigan, his Tesla “suddenly braked hard, as hard as you can imagine. When I was ordered to fasten my seatbelt, the vehicle was on the verge of coming to a complete halt. I was then struck by a second car.”

The files were shown to the Fraunhofer Institute for Secure Information Technology by Handelsblatt. The institute concluded that there is no reason to presume that “the data set does not come from IT systems belonging to or in the environment of Tesla.”

Employees are instructed that, unless lawyers are involved, they should not deliver written comments but rather should convey them “VERBALLY to the customer.”

The post quotes the instructions as saying, “Do not copy and paste the report below into an email, text message, or leave it in a voicemail to the customer,” and it is clear that this is a requirement.

A report featured a doctor from California who said that her Tesla accelerated on its own in the autumn of 2021 and smashed into two concrete pillars. She noted that the company never sent emails and that everything was always communicated verbally.

According to the attorneys for Tesla, the news organization is required to provide a copy of the data to Tesla, and all other copies of the data must be destroyed. The attorneys for Tesla also warned of legal action “for the theft of confidential and personal data.”

According to reports, the alleged papers would undoubtedly be important to current wrongful death lawsuits made against Tesla. These claims assert that the company’s technology has significant safety faults. Additionally, they may compel local, state, and federal authorities to take action.

The state’s data protection officer, Dagmar Hartge, recognized the seriousness of the allegations and pointed out that, should the allegations prove to be accurate, the data breach would have significant repercussions on a worldwide scale. The situation has been sent to privacy advocates in the Netherlands so that additional investigation might be conducted.

“Tesla takes the protection of its proprietary and confidential information, as well as the privacy of its employees and customers, very seriously.” “We intend to initiate legal proceedings against this individual for his theft of Tesla’s confidential information and employees’ personal data,” Tesla stated in a response that was reported by the publication. The statement was made in reaction to the theft of sensitive information and personal data pertaining to Tesla employees.

The Chinese regulatory authorities have already started to take action. Approximately two weeks ago, Tesla was forced to provide an emergency software update for the majority of the automobiles it has sold in China as a direct result of problems with unexpected and sudden acceleration.

Since 2016, Musk has made many claims that his self-driving vehicles would be really autonomous, but he has not delivered on those claims.

Data Privacy: A runbook for engineers


Tags: data privacy, TESLA, Tesla Remotely Hacked


Dec 31 2021

What is a Personal Firewall?

Category: Firewall, next generation firewall | DISC @ 7:55 am

What is a Firewall?

A Firewall controls the incoming and outgoing traffic between your computer and the network or internet.

Who should use a Firewall, and for what?

  1. Those wanting to prevent unauthorized remote access.
  2. Those looking to block immoral content (such as adult sites).
  3. Online gamers – at a high risk for getting hacked in online games.
  4. Business owners and those working from home – at a high risk for getting hacked.
  5. Anyone not wanting to risk their data and privacy.

Why is a Firewall important?

A Firewall is important for several reasons:

  1. Promotes privacy
    A Firewall blocks or alerts the user about all unauthorized inbound or outbound connection attempts. It allows the user to control which programs can access the local network and internet.
  2. Stops viruses and spyware
  3. Prevents hacking
    A Firewall blocks and prevents hacking attempts and attacks.
  4. Monitors network traffic and applications
    It regulates all incoming and outgoing internet users as well as applications that are listening for incoming connections. Moreover, it tracks recent events and intrusion attempts to see who has tried to access your computer.

What’s the difference between a personal and business-grade Firewall?

• A personal Firewall usually only protects the computer on which it is installed, whereas a business-grade Firewall is normally installed on a designated interface between two or more networks (allowing for a greater number of computers to be protected).
• Personal Firewalls allow a security policy to be defined for individual computers, while a business-grade Firewall controls the policy between the networks that it connects.
• Personal Firewalls are useful in protecting computers that are moved through different networks (as the protection is per computer vs. the network). They can be used at public hotspots, allowing the user to decide the level of trust and the option to reconfigure the settings to limit traffic to and from the computer.
• Unlike business-grade Firewalls, many personal Firewalls have the ability to control network traffic for programs on the secured computer. For instance, when an application needs to establish an outbound connection, the personal Firewall will scan it for safety, block it if it’s blacklisted, or ask for permission to blacklist it if not known.
• Personal Firewalls may also help block intruders by allowing the software to block connectivity where it suspects an intrusion is being attempted.

Risks of not having a Firewall

  • Loss of data
  • Open access
  • Network crashes

Personal computer firewall

Tags: data privacy, data protection, Firewall, Network Security, Online Privacy, Online Safety


Nov 03 2020

Privacy-focused Brave browser grew over 130% in the past year

Category: Information Privacy, Web Security | DISC @ 1:07 pm

Brave Browser, the privacy-focused web browser, announced today that it grew in usage by over 130% in its first year of the release of its ‘Stable’ version.

Source: Privacy-focused Brave browser grew over 130% in the past year



Brave Browser Review 2020: Should you make the switch?
https://www.youtube.com/watch?v=cQuTwpUFIXU&ab_channel=dottotech



Why you should download Brave Browser NOW!




Tags: data privacy, Information Privacy, loss of privacy


Aug 20 2020

5 Common Accidental Sources of Data Leaks

Category: data security | DISC @ 11:39 am

 


In cybersecurity and infosec, it’s common to assume that criminals are behind all data breaches and major security events. Bad actors are easy to blame for information leaks or account takeovers, because they’re the ones taking advantage of vulnerabilities in systems to worm their way in and cause massive damage. But how do they gain access in the first place? Most of the time, well-meaning everyday people are the real source of data insecurity.

A study of data from 2016 and 2017 indicated that 92% of security data incidents and 84% of confirmed data breaches were unintentional or inadvertent. Accidental data loss continues to plague IT teams, especially as more organizations are rapidly moving to the cloud. While it’s important to prioritize action against outside threats, make sure to include a strategy to minimize the damage from accidental breaches as well.

This list of five common sources of accidental data leaks will help you identify the problems that could be lurking in your systems, apps, and platforms. Use these examples to prepare tighter security controls and keep internal problems from becoming major issues across your entire organization.

Source: 5 Common Accidental Sources of Data Leaks – Nightfall AI




Tags: Data Leaks, data loss prevention, data privacy, data protection, data security


May 21 2019

Microsoft wants a US privacy law that puts the burden on tech companies

Category: Information Privacy | DISC @ 8:56 am

On the first anniversary of #GDPR, Microsoft calls for a similar privacy law in the US that puts the burden on the companies that collect and use sensitive data.

Europe’s privacy law went into effect nearly a year ago. It’s time for the US to catch up, the tech giant says.

Source: Microsoft wants a US privacy law that puts the burden on tech companies

 

 





Tags: California Consumer Privacy Act, data privacy, GDPR Privacy


Jan 31 2019

The biggest ever data dump just hit a colossal 2.2 billion accounts

Category: data security, Security Breach | DISC @ 11:12 am

  • Data Security
  • Thought Collection #1 was big? Collection #2-5 just dwarfed it

    Source: The biggest ever data dump just hit a colossal 2.2 billion accounts





    Tags: Data dump, data privacy, data security


    Sep 27 2017

    Data flow mapping under the EU GDPR

    Category: data security, GDPR, Security Compliance | DISC @ 8:56 am

    As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows in order to assess their privacy risks. This is also an essential first step for completing a data protection impact assessment (DPIA), which is mandatory for certain types of processing.

    The key elements of data mapping

    To effectively map your data, you need to understand the information flow, describe it and identify its key elements.

    1. Understand the information flow

    An information flow is a transfer of information from one location to another, for example:

    • From inside to outside the European Union; or
    • From suppliers and sub-suppliers through to customers.

    2. Describe the information flow

    • Walk through the information lifecycle to identify unforeseen or unintended uses of data. This also helps to minimise what data is collected.
    • Make sure the people who will be using the information are consulted on the practical implications.
    • Consider the potential future uses of the information collected, even if it is not immediately necessary.

    3. Identify its key elements

    Data items

    • What kind of data is being processed (name, email, address, etc.) and what category does it fall into (health data, criminal records, location data, etc.)?

    Formats

    • In what format do you store data (hardcopy, digital, database, bring your own device, mobile phones, etc.)?

    Transfer method

    • How do you collect data (post, telephone, social media) and how do you share it internally (within your organisation) and externally (with third parties)?

    Location

    • What locations are involved within the data flow (offices, the Cloud, third parties, etc.)?

    Accountability

    • Who is accountable for the personal data? Often this changes as the data moves throughout the organisation.

    Access

    • Who has access to the data in question?
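The key elements above can be kept as a structured register and checked automatically. The following is an added example, not part of the original post or of any vendor's tool; the `Flow` fields, the `SENSITIVE` set, the triage rule in `priority_flows` and the sample register are assumptions made for illustration.

```python
from dataclasses import dataclass
# Assumption for this example: categories the register treats as high risk.
SENSITIVE = {"health data", "criminal records"}

@dataclass
class Flow:
    name: str
    data_items: dict        # item -> category, e.g. {"email": "contact"}
    formats: list           # hardcopy, database, mobile phone, ...
    transfer_methods: list  # post, telephone, web form, ...
    locations: list         # (place, inside_eu) tuples in the order data moves
    accountable: dict       # place -> named owner at that hop
    access: list            # roles or third parties with access

def review(flow):
    """Return the findings a mapping review would raise for one flow."""
    findings = []
    cats = set(flow.data_items.values()) & SENSITIVE
    if cats:
        findings.append("sensitive category: " + ", ".join(sorted(cats)))
    # The flow leaves the EU when a hop inside it is followed by one outside.
    for (a, a_eu), (b, b_eu) in zip(flow.locations, flow.locations[1:]):
        if a_eu and not b_eu:
            findings.append(f"leaves EU: {a} -> {b}")
    # Accountability changes as data moves, so every hop needs a named owner.
    for place, _ in flow.locations:
        if not flow.accountable.get(place):
            findings.append(f"no accountable owner at {place}")
    if not flow.access:
        findings.append("access list not recorded")
    return findings

def priority_flows(register):
    """Triage heuristic (assumption): sensitive data that also leaves the EU."""
    wanted = {"sensitive category", "leaves EU"}
    return [f.name for f in register
            if wanted <= {x.split(":")[0] for x in review(f)}]

# Constructed sample register, not real data.
REGISTER = [
    Flow("newsletter signup", {"name": "identity", "email": "contact"},
         ["database"], ["web form"], [("Dublin office", True), ("EU cloud", True)],
         {"Dublin office": "Marketing lead", "EU cloud": "IT manager"}, ["marketing team"]),
    Flow("occupational health referral", {"name": "identity", "diagnosis": "health data"},
         ["hardcopy", "database"], ["post", "email"],
         [("HR office", True), ("US clinic portal", False)], {"HR office": "HR director"}, []),
]
```

Running `review` over each entry gives the gaps to close before the flow is signed off, and `priority_flows(REGISTER)` lists the flows to assess first.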

     

    The key challenges of data mapping

    • Identifying personal data: Personal data can reside in a number of locations and be stored in a number of formats, such as paper, electronic and audio. Your first challenge is deciding what information you need to record and in what format.
    • Identifying appropriate technical and organizational safeguards: The second challenge is likely to be identifying the appropriate technology – and the policy and procedures for its use – to protect information while also determining who controls access to it.
    • Understanding legal and regulatory obligations: Your final challenge is determining what your organisation’s legal and regulatory obligations are. As well as the GDPR, this can include other compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.

    Once you’ve completed these three challenges, you’ll be in a position to move forward, gaining the trust and confidence of your key stakeholders.

     

    Data flow mapping

    To help you gather the above information and consolidate it into one area, Vigilant Software, a subsidiary of IT Governance, has developed a data flow mapping tool with a specific focus on the GDPR.

     


     





    Tags: data flow mapping, data privacy, data security, gdpr