
Alibaba Cloud joins the EU Cloud CoC

The Alibaba Group’s cloud computing division has announced that it has joined the Code of Conduct for Cloud Service Providers in Europe (EU Cloud CoC).  The CoC was adopted following a four-year development process involving industry and the European Commission, with the Article 29 Working Party providing input.  Thanks to the involvement of the European Commission and Member States’ Data Protection Authorities, the CoC is unique and also a reliable tool to provide security to cloud users.  Many IT companies (IBM, Oracle and Salesforce, among others) have joined the CoC in order to strengthen trust between cloud providers and cloud users.

The website of the Data Protection Code of Conduct for Cloud Service Providers is accessible here

The Alibaba Group press release is accessible here

EU Commissioner for Justice, Věra Jourová, announces in Washington the joint review of the EU-US Privacy Shield

Věra Jourová, the European Union Commissioner for Justice, Consumers and Gender Equality, announced today, in her speech at the Washington-based Center for Strategic and International Studies, that the joint review of the EU-US Privacy Shield will take place in September 2017.  From the EU perspective, the review is aimed at closely monitoring the conditions and possibilities for governmental access to data for national security reasons, and at carefully following up the daily implementation of the Privacy Shield by those companies that have self-certified.

The transcript of Commissioner Věra Jourová's speech is accessible here

Gemalto releases findings of 2016 Breach Level Index

The release issued by Gemalto, a leading company in digital security, indicates that “the Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted”.  The Index calculates that in 2016, “1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported”.

You can access the Gemalto release

Israel adopts Regulations on Data Security and Breach Notification

The Israeli Parliament, the Knesset, has adopted Regulations reforming the existing information security regulations and introducing, for the first time in Israel, an overarching data breach notification requirement.  All Israeli entities will be subject to the Regulations, which impose obligatory data security and breach notification requirements on any individual and entity in Israel that owns, manages, and/or maintains a database containing personal data.  The Regulations will enter into force on 30 March and foresee a period of 12 months for data handlers to implement them.


33.7 million US accounts, many of them from government departments, leaked from a commercial corporate database

Dun & Bradstreet is one of the many business services firms that sell databases to marketers who send targeted email campaigns.  The leaked data were acquired by Dun & Bradstreet from NetProspex in 2015, in a deal worth $125 million.  The data concerned government departments and large corporations, among them: the Department of Defense, with 101,013 employee records, followed closely by the US Postal Service, the US Army, Air Force, and Department of Veterans Affairs, AT&T, Boeing, Dell, FedEx, IBM, Xerox, Wal-Mart, CVS, The Ohio State University, Citigroup, Wells Fargo Bank National Association, and the Kaiser Foundation Hospitals.  The breach poses a risk of targeted phishing.  Dun & Bradstreet has played down the event, issuing only a media release stating: “We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system […]”.