Privacy

6 June 2012 at 10:28am

EC Responds on Data Protection Consultation

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
The European Commission has published its response to last year's consultation on revising European Data Protection legislation, in particular Directive 95/46/EC.
Read more
6 June 2012 at 10:26am

JRS developments: protecting privacy

Andrew Cormack
Privacy
eduroam
One of the fun parts of my job is working with colleagues to understand the technical developments they are considering and work out whether there are any legal or policy implications that we need to be working on in parallel. One advantage of doing this at an early stage is to get views from those likely to be affected, so please feel free to comment.
Read more
4 July 2012 at 4:46pm

MoJ: Data Protection Law

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
The Ministry of Justice has been seeking evidence to inform its input into the ongoing revision of the European Data Protection Directive (95/46/EC).
Read more
6 June 2012 at 10:24am

Personal Data - yet another contradictory decision

Andrew Cormack
Data Protection Directive
Privacy
copyright
For a while there has been one pair of contradictory answers to the question of whether an IP address was personal data. Two different German courts were asked about addresses in the log of a web server: one said that was personal data, the other said it wasn't.
Read more
6 June 2012 at 10:21am

Data Protection Revision Delayed

Andrew Cormack
Data Protection Regulation
Privacy
An interesting report from the French data protection authority (CNIL) that the European Commissioner has announced a delay in the proposed revision of the European Data Protection Directive 95/46/EC. Rather than publishing a draft Directive later this year, it seems that the plan is now to publish a report this autumn with the draft expected in November next year.
Read more
6 June 2012 at 10:20am

Personal Information Online

Andrew Cormack
Data Protection Act
Privacy
The Information Commissioner has now published his Code of Practice on Personal Information Online (also available as PDF), for which we gave early input. It  seems to contain a lot of helpful and pragmatic advice.
Read more
6 June 2012 at 10:19am

Data Protection Directive Meeting

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
I had an interesting day in Brussels yesterday, providing input for the Commission's revision of the 1995 Data Protection Directive. Invitations had been sent to those who responded to the consultation last year, so a wide variety of organisations were present, including banking, marketing, medical, consumer rights, content industries and telecommunications operators.
Read more
6 June 2012 at 10:18am

Pseudonymous Identifiers and the Law

Andrew Cormack
Access Management
Data Protection Act
Data Protection Regulation
Privacy
For a while I've been trying to understand how pseudonymous identifiers, such as IP addresses and the TargetedID value used in Federated Access Management, fit into privacy law. In most cases the organisation that issues such identifiers can link them to the people who use them, but other organisations who receive the identifiers can't. Indeed Access Management federations spend a lot of effort to make it as difficult as possible for the link to be made, using both technical and legal means to protect the privacy of users.
Read more
29 April 2013 at 1:10pm

DNS Logs for Incident Response

Andrew Cormack
Privacy
incident response
Domain Names
A number of talks at the FIRST conference this week have mentioned the value of Domain Name Service (DNS) logs for both detecting and investigating various types of computer misuse: from users accessing unauthorised websites to PCs infected with botnets to targeted theft of information (see, for example, Google's talk).
Read more
6 June 2012 at 10:16am

Thoughts on Data Breach Notification

Andrew Cormack
Breach Notification
Data Protection Regulation
Privacy
ePrivacy Directive
Regulators and governments are moving towards creating a requirement that anyone who suffers a security breach affecting personal data would have to report it.
Read more
Subscribe to Privacy