Category Archives: Impact, Risk and Measures

UK institutional “data breach” … HSCIC asks for an inconsistent consent …

A recent decision of the Information Commissioner’s Office (https://ico.org.uk/) has given concrete form to a fear that has troubled the UK (and not only the UK) for years, and that is at the centre of the discussions among associations for the protection of clients, patients and data subjects. The decision states that the British “Data Controller” experienced an anomaly related to…

Cyber Crime and Compliance at Milan Politecnico

Cyber crime attacks make the headlines, but compliance remains the main driver of IT security spending, at least for SMEs. That is what emerges from the 2016 survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2 February at the conference “Cyber Crime: the invisible threat…

Data Portability impact on healthcare facilities

The new right to data portability (Art. 20 GDPR) also applies to health data. This interpretation is clearly set out in the recent Guidelines on the right to data portability, issued by the Article 29 Working Party (WP29) on 13 December 2016. At point III, the Guidelines state three conditions that must all be met for the right to apply: personal data concerning…

Cybersecurity Report 2016 – Public consultation

Around a year ago, following a public consultation with more than 500 contributors, the national Cyber Security Framework was published and has since been enriched with new support tools: http://www.cybersecurityframework.it/contenuti-di-supporto-al-framework A year later a new public consultation has been launched on the security controls in the Cybersecurity Report 2016; it is possible to take part until 3 February 2017 by visiting…

Commission launched a public consultation on ENISA

“ENISA is the Agency of the European Union tasked with contributing to the enhancement of the overall level of cybersecurity of the EU and its Member States. This consultation kicks off the review of ENISA, whose current mandate will come to an end in 2020. The European Commission welcomes the views of all interested stakeholders…

GDPR guest star at Politecnico University

A packed Aula Magna and strong audience interest on 17 January for the conference dedicated to the GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) previewed some results of the research to be presented on 2 February, which show the breadth and diversity of threats,…

Notification to the supervisory authority

The GDPR (the European privacy Regulation) does not require “notification to the supervisory authority” for special categories of processing. Such notification was required by the previous Directive 95/46/EC. Notification of such processing operations is now considered an obsolete tool and, as Recital 89 puts it, “did not in all cases contribute to improving the protection of personal…

PIA and proposals from ISO/IEC 29134 and ICO

The European privacy Regulation (GDPR, Regulation (EU) 2016/679) requires, in Article 35, that controllers carry out a Data Protection Impact Assessment (commonly known as a Privacy Impact Assessment, or PIA) in certain cases: a document reporting a risk assessment of the processing operations. A PIA is required in the case of: a systematic and…