Category Archives: Data privacy

Facebook’s Zuckerberg ‘sorry’ over Cambridge Analytica ‘breach’

 

Facebook scandal looks a hot discussion topic this week. However the scandal looks like the vendor misbehavior instead of data breach. Anyway let’s the expert figure out the truth. Perhaps this is not a news of cyber security expert since facebook not a secure platform so far. Scam email, email plishing relies on stolen data on facebook client endpoint do the ditry tricks. Heard that the UK parliament asks Mark Zuckerberg to testify in data misuse case. Oh!

Facebook’s Zuckerberg ‘sorry’ over Cambridge Analytica ‘breach’. For more details, please refer following url for reference.

http://www.bbc.com/news/world-us-canada-43494337

 

GDPR – Art.17 GDPRRight to erasure (‘right to be forgotten’)

In effective of data protection policy on 28th May 2018. EU member countries mandatory to compliance data protection policy. It is a good news to avoid personal data misuse somewhere. Such benefits applies to all member countries citizen. Following ground of interpretation you are allow to execute following actions. For instance:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

But following criteria shall not apply to the extent that processing is necessary: For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Actually there are more. For more details, please refer to

Art. 17 GDPR – Right to erasure (‘right to be forgotten’)

Enjoy!

Blockchain technology can do the magic – EU GDPR new data protection regulation

Preface:

The movie title – when harry met Sally romantic. It is a comedy film written by Nora Ephron. It gives an idea to the world all we are interconnected with fate.

GDPR – High Level Understanding

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

GDPR principle

General Data Protection Regulation are, quite literally, data protection model. Details are shown as below:

  • Establish data privacy as a fundamental right
  • Clarify the responsibilities for EU data protection
  • Define a base line for data protection
  • Elaborate on the data protection principles
  • Increase enforcement powers

In regards to GDPR, how does blockchain technology assists?

Blockchains are secure by design.Each block typically contains a cryptographic hash of the previous block. By foundation, a blockchain is inherently resistant to modification of the data. This is exactly fulfill the GDRP mandatory requirements. Let’s take a simple understanding of the requirements of data controller.

  • (Article 24) – be accountable, demonstrate compliance
  • (Article 25) – Adopt privacy by design
  • (Article 27) – If not in the EU, appoint a representative
  • (Article 28) – Take care when using 3rd parties (Processors)
  • (Article 30) – Keep records of processing
  • (Article 32) – Do security well
  • (Article 33) – Tell the regulator if they have a breach (72 hours)
  • (Article 34) – Tell Data Subjects about some breaches
  • (Article 35 and 36) – Do privacy impact assessments
  • (Article 37,38 and 39) – appoint a Data Protection Officer where specified

Let’s see how blockchain technology addressing these subject matters

Perhaps reader not interested to read a whole bunch of words.An explicit view and explanation in below informative diagram.

Reminder – New EU GDPR will be effective in May 2018

END of discussion.

Mew Trend 2018 – Exfiltrating Data via DNS

New Trend 2018 – Exfiltrating data via DNS (see below url for reference)

https://blogs.forcepoint.com/security-labs/udpos-exfiltrating-credit-card-data-dns

Comments: A popular discussion on cyber attack topic this year focusing on DNS attack. Security expert found that threat actor transform DNS topology as a hack tool assists their goal. It show small data set with frequent connections. But the new generation of malware found today looks like a prototype. Why? The fact is that malware relies on executable file instead of hide himself in memory.

Reminder – New EU GDPR will be effective in May 2018

Are you ready for EU-GDPR new data protection regulation yet? The new GDPR established common rules across Europe and gives individuals better control over their personal data held by the organizations and will be effective on May 2018. Below details are the principle for your references. But did you confirm your inhouse strategy align with data protection?

  • Establish data privacy as a fundamental right
  • Clarify the responsibilities for EU data protection
  • Define a base line for data protection
  • Elaborate on the data protection principles
  • Increase enforcement powers

In short, your company needs to:

  • Classify data, tag them, implement encryption.
  • Modify application
  • Manage hardware and software for encryption for distributed platforms

For more details, please refer following url: https://www.eugdpr.org/

 

 

Data Privacy Day 2018 Livestream on 28th Jan 2018

In last hundred years, the record of information includes storage of information without big changes. A revolution appears enforce computer technology jump to another generation computer world with big data and digitization technology. Cyber attack wreak havoc recently. In order to avoid any mistake given by antivirus program. The antivirus vendor enforce their defensive technique. They keep track your daily activities simultaneously. Perhaps you and me do not empower to 3rd party doing similar of jobs. But what we can do today protect your personal data privacy?

The Data Privacy Day 2018-Live From LinkedIn. Data Privacy Day 2018 Livestream on 28th Jan 2018 (see below url for reference)

https://staysafeonline.org/dpd18-live/

 

 

 

Lawful interception – How’s your personal privacy value today?

Cloud computer platform looks like a fight carrier in the data world. Meanwhile, the data stored inside the cloud are under cloud protection. However different country implement different data protection law and data custodian policy. Perhaps development countries unaware this topics last decade. However big data upgrade his political position progressively. It looks that government enforcement unit not easy get the data in cloud farm easier. At least they must apply the key escrow or search warrant through official channel. Or you may say sometimes ask president approval can evade all the official channel. But how to monitor billion of mobile phones & computers? Perhaps it is not a secret, wikileak became a whistleblower since 2014 (see below url for reference). A strange issue draw my attention this year? There are more antivirus vendor detected finfisher malware this month (see attached detail in picture left hand corner).FinFisher customers include law enforcement and government agencies in the world. Do you think there is a new round of hostile country surveillance program being engaging at this year?

2014 – wikileaks SpyFiles 4

https://wikileaks.org/spyfiles4/index.html

2014 – Wikileaks releases FinFisher files to highlight government malware abuse (by theguardian.com)

https://www.theguardian.com/technology/2014/sep/16/wikileaks-finfisher-files-malware-surveillance

 

Smart City & IoT -Mandatory 3 principles for working with Big data

We frequently heard smartcity project and usage of big data. Such key terms for the 1st impression to people is that it is a advanced technique and techology trend in future. In fact it was not possible to say we are keen to enjoy the benefits of smart city and big data analytic but we just ignore the peripherals. How does a city approiate to do such setup on start from strach situation. For example HKSAR issued the smart City blue print mid of last year. But it got whole bunch of unkown answer waiting for queries(public or quires with industries)? Perhaps the objectives of smart city goal to ehance public safty and governance of the city. The career oppuntunities is the side products which carry by this project. If the key items of city not been resolve yet. For instance: population, immigation policy and land use. Even though you enforce this project it may far away from their original design objectives.

Below url is the smart city blueprint for HKSAR for your reference.

https://www.smartcity.gov.hk/blueprint/HongKongSmartCityBlueprint_e-flipbook_EN/mobile/index.html#p=30

Say Goodbye to 2017 cyber incidents

We are going to say goodbye to 2017. What is your expectation in the new year? Cyber World activities especially cyber attacks looks intensive this year. Perhaps we cannot imagine ransomware threat which contain powerful destruction power last decade.The crypto worm (WANNACRY) break the Cyber incident world records which suspended huge volume of workstations and servers operations in the world on May 2017. A shock to the world that the only way to recover your system or data is pay the ransom. Apart from that an alert to the business world is that how does the open source software provides the IT security assurance to the company. The data breach incident occurred in Equifix was awaken everybody. However the data breach incidents continuous exposed to the world caused by misconfiguration instead of vulnerabilities. It such a way discredit the cloud services provider. On the banking environment, the  ATM malwares are wreak havoc. A speculation by expert that DDOS attack will be replaced by ransomware. It looks that DDOS looks running strong this year. My opinion is that application security will be the focus of IT people next year. By the way, I wish you Happy New Year.

Layer 7 (application layer) – What is the information security key factors?

How much is your data privacy value today?

We all aware that our activities in cyber world are under surveillance. But do you alert that even though there is no any surveillance, malware to sniff your data. Your loyal and data protection guard install on your workstation and server keep track of you daily. Perhaps you have the basic understanding on how antivirus vendor make use of your data. It is so called meta data. From on going computer cyber trend, artificial intelligence and Big data analytic intend to collect the data. But take oversight over the world. It looks that there are gap of the data collection policy. For instance, we are chosen Brand A antivirus band this year. But next year, we would like to use another brand of antivirus program. As far as I know, the disclaimer of antivirus vendor do not mention in detail how they are going to disposal the meta data belongs to you. To be honest, it is hard to erase your workstation meta data in their repository. Perhaps the vendor told you no personal information will be collected on this function. They are only keep track the antivirus or malware attack behavior. If such monitor not running in 24 hours. How does the monitor and detect functions work well. You may aware that  your loyal antivirus program also keep track of your activities!