Category Archives: Privacy

Browsing Anonymously: Is It Really Anonymous?


Privacy is top of mind for many people these days. Unclear privacy policies, rampant data collection and high-profile data breaches can lead us to second-guess our information’s safety — even when it’s guarded by respected institutions. In fact, Americans reportedly trust credit card companies more than the federal government to protect their personal information. To combat this uncertainty, security experts commonly recommend using virtual private networks (VPNs) and secure browsers to keep your browsing history…


[Online Conference] Varonis Coffee Series: Unique Insights Into Data Security and Privacy

Looking for a different take on the data security landscape? Join our multi-disciplinary team of experts as they discuss the laws, ethics, and defensive techniques behind data protection and privacy. Over four Tuesdays starting March 12, you’ll be briefed on the intersection of red team thinking and diversity, how basic pen testing ideas can change your security practices, the secret Privacy by Design ingredient in GDPR compliance, and how to bring professional ethics into the data security lifecycle. And there will be coffee: we’re…

Right to be Forgotten: Explained


The “Right to be Forgotten” (RTBF) is a key element of the new EU General Data Protection Regulation (GDPR), but the concept pre-dates the latest legislation by at least five years. It encompasses consumers’ right to request that all personal data held by the company — or “controller” in GDPR-speak — be removed. But it goes further: the GDPR rules (see Article 17) say that search engines (like Google) have to…

Australian Notifiable Data Breach Scheme, Explained


A third time is a charm, in life and in data breach notification laws. On February 13, 2017, the Australian government, in its third attempt, passed the Notifiable Data Breaches scheme, which finally came into effect on February 22nd of this year. While we all have a conceptual idea of what a data breach notification means, when it comes to required action, we have to look at the nitty-gritty details. Let’s start with…

Social Media Security: How Safe is Your Information?


In 2012, a massive cyber attack by a hacker named “Peace” exploited over 117 million LinkedIn users’ passwords. After the dust settled from the initial attack, new protocols were put in place, and the breach was all but forgotten in the public eye, the same hacker reared their head again. Nearly five years later, “Peace” began releasing the stolen password information of the same LinkedIn users from the earlier hack. With millions of users’ data…

What is the CIA Triad?


The CIA Triad is a security model that highlights core data security objectives and serves as a guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration. Despite the name, the CIA Triad is not connected with the Central Intelligence Agency – but is an acronym for: Confidentiality ensures that information is accessible only by authorized individuals; Integrity ensures that information is reliable; and Availability ensures that data is available and…

[Podcast] Dr. Zinaida Benenson and Secondary Defenses


Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the “Human Factors in Security and Privacy” group. She and her colleagues conducted a fascinating study into our spam clicking habits. Those of you who attended Black Hat last year may have heard her presentation on How to Make People Click on a Dangerous Link Despite their Security Awareness. In the second part of our interview, Benenson tells us that phishing…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Transcript


Adam Tanner, author of Our Bodies, Our Data, has shed light on the dark market in medical data. In my interview with Adam, I learned that our medical records, principally drug transactions, are sold to medical data brokers who then resell this information to drug companies. How can this be legal under HIPAA without patient consent? Adam explains that if the data is anonymized then it no longer falls under HIPAA’s rules. However, the prescribing…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part II


More Adam Tanner! In this second part of my interview with the author of Our Bodies, Our Data, we start exploring the implications of having massive amounts of online medical data. There’s much to worry about. With hackers already good at stealing health insurance records, is it only a matter of time before they get into the databases of the drug prescription data brokers? My data privacy paranoia about all this came out in full…

[Podcast] Adam Tanner on the Dark Market in Medical Data, Part I


In our writing about HIPAA and medical data, we’ve also covered a few of the gray areas of medical privacy, including wearables, Facebook, and hospital discharge records. I thought both Cindy and I knew all the loopholes. And then I talked to writer Adam Tanner about his new book Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. In the first part of my interview with Tanner, I learned how pharmacies sell our prescription drug…

[Podcast] More Dr. Ann Cavoukian: GDPR and Access Control


We continue our discussion with Dr. Ann Cavoukian. She is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). In this segment, Cavoukian tells us that once you’ve involved your customers in the decision making process, “You won’t believe the buy-in you will get under those conditions because then you’ve established trust and that you’re serious about their privacy.” We also…