Privacy

19 January 2015 at 3:19pm
During a recent conversation about learning analytics it occurred to me that it might be helpful to analyse how universities use student data in terms of the different justifications provided by UK and European Data Protection Law.
6 January 2015 at 9:29am
Reading yet another paper on privacy and big data that concluded that processing should be based on the individual's consent, it occurred to me how much that approach limits the scope and powers of privacy regulators. When using consent to justify processing, pretty much the only question for regulators is whether the consent was fairly obtained – effectively they are reduced to just commenting and ruling on privacy notices. And, indeed, a surprising number of recent opinions and cases do seem to be about physical and digital signage.
22 December 2014 at 12:07pm
The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That's good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet.
18 December 2014 at 9:11am
Although it's now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we'll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming increasingly apparent.
15 October 2014 at 11:54am
One aspect of the Google Spain judgment I’ve not seen discussed is the incentives it creates for search engines.
10 September 2014 at 8:57am
I was invited to give a presentation on legal and ethical issues around information sharing at TERENA’s recent security services workshop. The talk highlighted the paradox that sharing information is essential to protect the privacy of our users when their accounts or computers have been compromised, but that sharing can also harm privacy if it’s not done correctly.
4 July 2014 at 3:46pm
Andrew Cormack has been asked a few times recently how to decide which data or services it's appropriate to place in the cloud. The answer, rather boringly, is the same as for almost any other security question:
1 July 2014 at 3:25pm
I've been asked a few times recently how to decide which data or services it's appropriate to place in the cloud. The answer, rather boringly, is the same as for almost any other security question:
30 June 2014 at 1:01pm
At the FIRST conference this week I've heard depressingly many incident responders saying "our lawyers won't let us...". Since incident response, done right, should actually support the law's objectives, it seems we need to be smarter, and maybe a bit more assertive, about explaining how incident response and law interact.
25 June 2014 at 4:45pm
There's no doubt that some parts of the UK Data Protection Act and the EU Data Protection Directive are badly out of date and need revising. The world they were drafted for in the early 1990s has changed.
Subscribe to Privacy