
US NIST revises its Special Publication 800-53

The National Institute of Standards and Technology (NIST) has published the fifth revision of SP 800-53. The document was drafted by a task force of representatives from the civil, defense and intelligence communities to create a common information security framework for the federal government. This latest draft goes beyond previous versions of the document, addressing all kinds of organizations that may store security- and privacy-related materials in their systems.

The NIST draft is available here

Uber implements a privacy program to settle an FTC complaint

Uber Technologies has agreed to implement a privacy program and to permit regular, independent audits in order to settle Federal Trade Commission (FTC) charges that it failed to protect its consumers' personal data. The FTC alleged that Uber had rarely monitored internal access to the personal information of users and drivers, gave false assurances about the safety of its database, and did not take reasonable, low-cost measures to prevent possible data breaches. For these reasons, the FTC settlement agreement further prohibits Uber from “misrepresenting how it monitors internal access to consumers' personal information and misrepresenting how it protects and secures that data”.

The related press release is available on the FTC website here

LinkedIn cannot prevent scraping of its public profiles

U.S. Federal Judge Edward Chen has ruled against the measures LinkedIn adopted to prevent scraping of its public profiles. In the case at issue, the company HiQ was scraping data from public LinkedIn profiles. In response, LinkedIn enacted some counter-measures to prevent this activity and sent a letter to HiQ asking it to stop the scraping. HiQ Labs replied by filing a lawsuit against LinkedIn, arguing that its counter-measures violated antitrust law. The federal court judge has now granted HiQ's request, ordering LinkedIn to remove all the mentioned barriers. The Microsoft-owned social network has announced its intention to challenge the decision.

Find the related news published by Reuters here

Irish DPC publishes guidance on the qualifications DPOs need

The Data Protection Commissioner (DPC) of Ireland has released a document establishing the qualifications needed by data protection officers (DPOs). While the GDPR does not establish a specific set of requirements for DPOs, allowing organisations to appoint DPOs on their own, the DPC has decided to set minimum requirements. These will have to be evaluated in light of the expert's qualifications and knowledge, considering the personal data processing operations to be carried out, the complexity and scale of data processing, the sensitivity of the data processed and the protection required for the data being processed. The expertise required of DPOs may therefore vary from case to case. The Irish Commissioner recommends considering a non-exhaustive list of factors when choosing the most suitable training programme for DPOs, consisting of:

- the content and means of the training and related assessment;

- whether or not certification is required;

- the credentials of the accrediting body; and

- whether or not the training and certification is recognised internationally.

The Irish DPC guidance is available here

Accenture publishes a report on the role of biometrics in public services data security

Accenture has published a report analyzing the possible role of emerging technologies in public services. In its results, the report states that biometric data and advanced analytics are going to play an increasing role among government institutions and public service agencies in the field of data security and privacy. The report indicates that 73% of its participants recognised improvements in data security and privacy protection as the most important advantages of investments in emerging technologies.

The report is available at the Accenture website here