In the light of the General Data Protection Regulation (GDPR), the challenge of proper application of pseudonymisation to personal data is gradually becoming a highly debated topic in many different communities, ranging from research and academia to justice and law enforcement and to compliance management in several organizations across Europe.
Pseudonymisation and personal data challenges
The ENISA “Pseudonymisation techniques and best practices” report discusses, among other things, the parameters that may influence the choice of pseudonymisation techniques in practice, such as data protection, utility, scalability and recovery.
It also builds on specific use cases for the pseudonymisation of certain types of identifiers (IP address, email addresses, complex data sets).
There is no easy solution
One of the main outcomes of the report is that there is no single easy solution to pseudonymisation that works for all approaches in all possible scenarios.
On the contrary, it requires a high level of competence in order to apply a robust pseudonymisation process, possibly reducing the threat of discrimination or re-identification attacks, while maintaining the degree of utility necessary for the processing of pseudonymised data.
58% of surveyed businesses worldwide failed to address requests made from individuals seeking to obtain a copy of their personal data as required by GDPR within the one-month time limit set out in the regulation, reveals updated research from Talend.
GDPR compliance rate: 2018 and now
In September 2018, Talend released the results of its first GDPR research benchmark, which aimed to assess the ability of organizations to achieve right to access and portability compliance with the European regulation. At that time, 70% of the companies surveyed reported they had failed to provide an individual’s data within one month.
One year later, Talend surveyed a new population of companies, as well as the companies which reported a failure to comply in the first benchmark, in order to map improvement. Although the overall percentage of companies who reported compliance increased to 42%, the rate remains low 18 months after the regulation came into force.
“These new results show clearly that Data Subject Access Rights is still the Achilles’ heel of most organizations,” said Jean-Michel Franco, Senior Director of Data Governance Products at Talend. “To fully comply with GDPR it is necessary to understand where the data is, how it is processed and by whom, as well as ensure that the data is trusted.”
Organizations are struggling to meet requests
The research revealed that only 29% of the public sector organizations surveyed could provide the data within the one-month limit. With the public sector making increasing use of data and new technologies (facial recognition, artificial intelligence) to improve the citizen experience, more integrated data governance is a must-have for 2020 and beyond.
The same observation applies to companies in the media and telecommunications industries. Only 32% of these organizations reported that they could provide the correct data on time.
Many firms barely reach an average success rate
Compared to last year, retail companies improved their success rate with 46% of such companies reporting they provided correct responses within the one-month limit. A greater proportion of companies in this industry started to take a customer-centric approach to both improve the experience and internal processes.
The same situation occurs with organizations in finance as well as in the travel, transport, and hospitality industries. In addition, the latter are considered the best performers, as companies in that industry represent 38% of all the organizations that provided data in less than 16 days.
The lack of automation remains a barrier to success
One take-away from this new benchmark is the lack of automation in processing requests. One of the main reasons companies failed to comply was the lack of a consolidated view of data and of clear internal ownership over pieces of data. In the financial services industry, for example, clients may have multiple contracts with a company that may not be located in one place, making it difficult to retrieve all necessary information.
Processing the requests thus remains very manual and often involves the business users, e.g. the insurance representatives in the case of an insurance company. In addition, processing Subject Right Requests can be very costly; according to a recent Gartner survey, companies “spend, on average, more than $1,400 to answer a single SRR.”
ID proof and requesting process should be improved
The research also highlights the lack of an ID check on the individual requesting data during the data request process. Overall, only 20% of the organizations surveyed asked for proof of identification. Moreover, of the companies surveyed that reported asking for proof of identification, very few use an online and secure way of sharing ID documents. Instead, most of the time, copies of identification were provided by email. The requesting process also remains cumbersome, with reported difficulties including finding the right email address to send the request to, and follow-up emails because the data is incomplete or because the files can’t be opened.
With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds Travel Rule included in the updated Financial Action Task Force (FATF) guidance, according to CipherTrace.
Inadequate KYC
The research results revealed that the lion’s share — more than two-thirds — of exchanges do not …
The post 2019 experienced massive spate of crypto crimes, $4.4 billion to date appeared first on Help Net Security.
Only 15% of organizations report having a mature approach to data privacy, 59% have yet to allocate budget to CCPA compliance, and 58% are currently using or will look to implement machine learning-driven systems to improve manual processes for data security, Egress reveals.
Compliance and preparation
In succession to the EU’s landmark GDPR legislation, the CCPA is set to revolutionize data privacy and security within the United States, with major penalties and litigation slated for …
The post Most businesses have yet to allocate a CCPA compliance budget appeared first on Help Net Security.
A majority of U.S. consumers plan to do most of their holiday shopping online for the first time ever, yet a survey from F-Secure finds that most internet users remain concerned about their exposure to cybercrime.
Major consumer trends
The survey of shoppers highlighted 3 major trends among American consumers: Bank account hacking and data breaches are the biggest worries on the web. 62% are either worried or extremely worried about a hacker taking over …
The post As the online shopping season begins, consumers worry about cybercrime appeared first on Help Net Security.
Perhaps the third time’s the charm: a group of Senate Democrats, following in the recent footsteps of their colleagues in both chambers, has introduced a bill that would impose sweeping reforms to the current disaster patchwork of US privacy law.
The bill (PDF), dubbed the Consumer Online Privacy Rights Act (COPRA), seeks to provide US consumers with a blanket set of privacy rights. The scope and goal of COPRA are in the same vein as Europe’s General Data Protection Regulation (GDPR), which went into effect in May 2018.
Privacy rights “should be like your Miranda rights—clear as a bell as to what they are and what constitutes a violation,” Sen. Maria Cantwell (D-Wash.), who introduced the bill, said in a statement. Senators Amy Klobuchar (D-Minn.), Ed Markey (D-Mass.), and Brian Schatz (D-Hawaii) also co-sponsored the bill.
A majority of companies are adopting a single global data protection strategy to manage evolving privacy programs, and managing the expanding ecosystem of third parties handling data has become a top priority, a TrustArc report reveals.
Evolving ecosystem of partners, customers, and vendors driving risk assessment processes
Vendor and third-party risk assessments ranked first among privacy assessments globally, with 78 percent of U.S. respondents reporting that they now conduct them. That figure indicates the …
The post Growing complexity is driving operational changes to privacy programs appeared first on Help Net Security.
In advance of the peak shopping season, a study from PCI Pal shows that millions of Americans continue to over-indulge in risky behaviors – both online and on the phone, leaving themselves open to seasonal security scares. While 49% of Americans have reportedly been the victims of cybercrime, the study concludes that fears of fraud have not done enough to significantly change consumer behaviors. The data identified the seven seasonal security ‘sins’ more likely to …
The post Risky behavior exposes consumers to seasonal security scares appeared first on Help Net Security.
1.19 billion confidential medical images are now freely available on the internet, according to Greenbone’s research into the security of Picture Archiving and Communication Systems (PACS) servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans.
US: 786 million medical images identified
That’s a 60% increase from the finding between July and September 2019, and includes details of patient names, reason for examination, …
The post 1.19 billion confidential medical images available on the internet appeared first on Help Net Security.
A vulnerability in the Google Camera app may have allowed attackers to surreptitiously take pictures and record videos even if the phone is locked or the screen is off, Checkmarx researchers have discovered. In addition to this, attackers would have also been able to eavesdrop on and record phone conversations, silence the camera shutter, transfer captured photos, video and data to their C&C server, and pull GPS location based on photo’s metadata.
Android camera spy: …
The post Android camera apps could be hijacked to spy on users appeared first on Help Net Security.
Mobile apps that work with Bluetooth devices have an inherent design flaw that makes them vulnerable to hacking, research has found.
Where is the issue?
The problem lies in the way Bluetooth Low Energy devices communicate with the mobile apps that control them, said Zhiqiang Lin, associate professor of computer science and engineering at The Ohio State University. “There is a fundamental flaw that leaves these devices vulnerable – first when they are initially …
The post The way Bluetooth devices ‘talk’ to apps leaves them vulnerable appeared first on Help Net Security.
Most U.S. adults say that the potential risks they face because of data collection by companies (81%) and the government (66%) outweigh the benefits, but most (>80%) feel that they have little or no control over how these entities use their personal information, a recent Pew Research Center study on USA digital privacy attitudes has revealed.
Interesting discoveries on USA digital privacy attitudes
The study has also shown that: 72% of respondents feel that all, …
The post Most Americans feel powerless to prevent data collection, online tracking appeared first on Help Net Security.
A third of Americans have been a victim of information fraud or identity theft. Despite notable data breaches in 2019, when asked if they update or change passwords/PINs after a company they do business with suffers a data breach, more than a quarter (28%) say only sometimes and nearly one in 10 (9%) say they don’t update their passwords at all, according to a Shred-it survey.
Safeguarding sensitive data
Four in ten (41%) Americans who …
The post Do your infosec habits make you vulnerable to fraud? appeared first on Help Net Security.
In the absence of a federal digital privacy law, Microsoft has decided to comply with the requirements of California’s Consumer Privacy Act (CCPA) throughout the U.S.
The CCPA in short
The CCPA goes into effect on January 1, 2020, and says that California residents (consumers) have the right to know what personal data is being collected about them and access it, to know whether their data is sold or disclosed (and to whom), to demand …
The post Microsoft to honor California’s digital privacy law all through the U.S. appeared first on Help Net Security.
An anonymous reader quotes a report from TechCrunch: Silicon Valley is terrified. In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California’s Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state’s 40 million residents — and every tech company in Silicon Valley. California’s law is similar to Europe’s GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.
Since the law passed, tech giants have pulled out their last card: pushing for an overarching federal bill. In doing so, the companies would be able to control their messaging through their extensive lobbying efforts, allowing them to push for a weaker statute that would nullify some of the provisions in California’s new privacy law. In doing so, companies wouldn’t have to spend a ton on more resources to ensure their compliance with a variety of statutes in multiple states. Just this month, a group of 51 chief executives — including Amazon’s Jeff Bezos, IBM’s Ginni Rometty and SAP’s Bill McDermott — signed an open letter to senior lawmakers asking for a federal privacy bill, arguing that consumers aren’t clever enough to “understand rules that may change depending upon the state in which they reside.” Then, the Internet Association, which counts Dropbox, Facebook, Reddit, Snap, Uber (and just today ZipRecruiter) as members, also pushed for a federal privacy law. “The time to act is now,” said the industry group. If the group gets its wish before the end of the year, the California privacy law could be sunk before it kicks in. TechNet, a “national, bipartisan network of technology CEOs and senior executives,” also demanded a federal privacy law, claiming — and without providing evidence — that any privacy law should ensure “businesses can comply with the law while continuing to innovate.” Its members include major venture capital firms, including Kleiner Perkins and JC2 Ventures, as well as other big tech giants like Apple, Google, Microsoft, Oracle and Verizon
“It’s no accident that the tech industry launched this campaign right after the California legislature rejected their attempts to undermine the California Consumer Privacy Act,” Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California, told TechCrunch. “Instead of pushing for federal legislation that wipes away state privacy law, technology companies should ensure that Californians can fully exercise their privacy rights under the CCPA on January 1, 2020, as the law requires.”
Read more of this story at Slashdot.
A researcher abused the GDPR to get information on his fiancee:
It is one of the first tests of its kind to exploit the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.
“Generally if it was an extremely large company — especially tech ones — they tended to do really well,” he told the BBC.
“Small companies tended to ignore me.
“But the kind of mid-sized businesses that knew about GDPR, but maybe didn’t have much of a specialised process [to handle requests], failed.”
He declined to identify the organisations that had mishandled the requests, but said they had included:
- a UK hotel chain that shared a complete record of his partner’s overnight stays
- two UK rail companies that provided records of all the journeys she had taken with them over several years
- a US-based educational company that handed over her high school grades, mother’s maiden name and the results of a criminal background check survey.
UK’s Tax Authority To Delete Five Million Biometric Voice Records Because it Did Not Have Clear Consent From Its Customers
The UK’s tax authority is to delete the biometric voice records of five million people because it did not have clear consent from its customers to have those files. From a report: HM Revenue and Customs (HMRC) uses the Voice ID biometric voice security system to make it easier for callers to pass its security processes when discussing their account. It says using the system will reduce the time it takes to speak to an advisor and will help prevent anyone else accessing accounts. But the UK’s data privacy watchdog the Information Commissioners Office (ICO) said that HMRC failed to give customers sufficient information about how their biometric data would be processed and failed to give them the chance to give or withhold consent. “This is a breach of the General Data Protection Regulation,” the ICO said.
Steve Wood, Deputy Commissioner at the ICO, said: “We welcome HMRC’s prompt action to begin deleting personal data that it obtained unlawfully. Our investigation exposed a significant breach of data protection law — HMRC appears to have given little or no consideration to it with regard to its Voice ID service.” Under the GDPR, biometric data is considered special category information and is subject to stricter conditions.
Read more of this story at Slashdot.
“While it’s creepy to imagine companies are listening in to your conversations, it’s perhaps more creepy that they can predict what you’re talking about without actually listening,” writes an NBC News technology correspondent, arguing that data, not privacy, is the real danger.
Your data — the abstract portrait of who you are, and, more importantly, of who you are compared to other people — is your real vulnerability when it comes to the companies that make money offering ostensibly free services to millions of people. Not because your data will compromise your personal identity. But because it will compromise your personal autonomy. “Privacy as we normally think of it doesn’t matter,” said Aza Raskin, co-founder of the Center for Humane Technology [and a former Mozilla team leader]. “What these companies are doing is building little models, little avatars, little voodoo dolls of you. Your doll sits in the cloud, and they’ll throw 100,000 videos at it to see what’s effective to get you to stick around, or what ad with what messaging is uniquely good at getting you to do something….”
With 2.3 billion users, “Facebook has one of these models for one out of every four humans on earth. Every country, culture, behavior type, socio-economic background,” said Raskin. With those models, and endless simulations, the company can predict your interests and intentions before you even know them…. Without having to attach your name or address to your data profile, a company can nonetheless compare you to other people who have exhibited similar online behavior…
A professor at Columbia law school decries the concentrated power of social media as “a single point of failure for democracy.” But the article also warns about the dangers of health-related data collected from smartwatches. “How will people accidentally cursed with the wrong data profile get affordable insurance?”
Read more of this story at Slashdot.
Finding WiFi in a foreign country can be a hassle. You may be unsure of which WiFi network to choose or give up and switch to LTE, incurring expensive fees. Though WiFi isn’t a necessity when traveling, it does make life a lot easier. That’s why we put together a comprehensive guide on how to find WiFi anywhere you go. From using WiFi hotspot apps to taking advantage of free loyalty programs, there are many ways you can stay connected.
1. Find a Chain Establishment
Maybe you are in a foreign land and need to message a family member or take a last minute business call. Many restaurants and hotel chains around the world offer free WiFi for your convenience. Most of the time, it’s a simple login page with perhaps an ad or two. Some chains ask for an email address — we suggest providing your “spam email” or an unimportant email address.
- Apple Store
- Barnes and Noble
- Best Buy
- Gap Inc.
- Microsoft Store
- Office Depot
- Sam’s Club
- Urban Outfitters
- Whole Foods
- Boston Market
- Buffalo Wild Wings
- Burger King
- Einstein Bros.
- Jimmy John’s
- Krispy Kreme
- Peet’s Coffee
- Taco Bell
- The Coffee Bean & Tea Leaf
- Marriott (free for all rewards members)
- Hyatt (free for all guests)
- Extended Stay America
- Best Western
- Comfort Inn
- Crowne Plaza Hotels & Resorts
- Holiday Inn
- Ritz Carlton (free for reward members)
- Walt Disney Resorts
- Motel 6
2. Use WiFi Hotspot Apps
While finding free WiFi is great, many question whether the network is safe to join. While we always advise that you use a VPN when accessing free WiFi, you can also download WiFi hotspot apps. These can pinpoint WiFi locations that you can connect to, including networks that are hidden from view. The apps can also show you WiFi networks that are outside your vicinity.
This app offers free WiFi connectivity in just about every city in the world. It contains an interactive map that pinpoints all the hotspots near you. By clicking on the Free WiFi Near Me button, Wiffinity will show you how far you are from the nearest WiFi hotspot and how to get there. Users can also add WiFi networks that are not in the database.
This WiFi app stores nearly half a billion WiFi networks in its database. It also can remove all hotspots that have a fee, time limit or require you to register using a filter system. Much like other apps, this app allows users to agree whether the hotspot is free or requires a paid subscription.
The Facebook mobile app is an easy way to find quick WiFi if you have already installed the app. To find free internet on the app, open the More menu and then tap Find Wi-Fi. You may need to select See More at the bottom to show it. If you cannot find WiFi networks where you are located, you can select a different area on the map and select Search this area to look there.
This WiFi app automatically connects your device to the best network in your location. It also contains a map where it shows WiFi hotspots around you. WeFi delivers up to two times faster data transfer speeds on average in comparison to manual WiFi selection.
3. Go to a Public Shared Space
Sometimes you might not want to purchase something to gain access to free WiFi. That’s where public shared spaces come in handy. We listed some of the most popular public transit services and museums that offer free WiFi services.
Here are some popular public places that host free WiFi:
- Most U.S. public libraries
- U.S. Metro locations
- Art Institute of Chicago
- National Mall
- Museum of Modern Art
- Louvre (certain hot spots)
- Byzantine Museum
- British Museum
- National Museum of China
4. Rent a Travel WiFi Router
Depending on where you are headed, it may be worth it to rent travel WiFi. Free public WiFi can have slow connection speeds, unreliable security and a plethora of other travelers taking up signal. Mobile hotspots can offer reliable, fast internet that does not cause you to change your cell phone plan or purchase a travel router.
This is best for someone who will need strong, reliable WiFi that keeps data secure. It also charges in less than 3 hours and has about 6 hours of device usage. Renting travel WiFi starts at around $10 a day, but the longer you rent it for, the cheaper the rate becomes. You can purchase most travel WiFi devices online.
A few of the best travel WiFi rental devices:
- TEP Wireless
- Roaming Man
- Travel WiFi
- Google Project Fi
- Always Online Wireless
5. Use Your Internet Service Provider’s Hotspots
One simple way to find travel WiFi? Use your home provider. If you’re a Comcast user, you will have access to Xfinity WiFi networks when traveling. For most ISP networks, check their WiFi page on the main site or download the hotspot app for your ISP. Find a hotspot by entering an address or form of location. Then connect to your ISP’s available hotspots.
Helpful ISP Hotspot pages:
6. Sign Up for a Loyalty Program
Maybe you are in a hotel that does not offer free WiFi or are in a store with a long line and want a quick distraction. Loyalty programs are great ways to connect to free WiFi when password-free connections are not available. Hotels like Hilton give free WiFi for those who sign up for Hilton Honors Rewards, a free service that offers discounts and a points system for members.
7. Use Your Phone As a Hotspot
When in doubt, you can always use your phone as a hotspot device (also known as tethering), although this may be a costly choice unless you have an unlimited data plan. Some carriers have restrictions or fees associated with tethering, like only being able to use a certain amount of data for tethering, so be sure to check with your provider.
- Open Settings and tap the More option under Wireless & Networks.
- Tap Tethering & portable hotspot.
- Tap Hotspot & tethering and this is where you’ll be able to configure your phone’s WiFi hotspot. You can also change its SSID and password.
- Keep the security set to WPA2 PSK.
- Click Save.
Note: iPhone must be 3G or later to support tethering.
- Go to Settings > General > Network.
- Tap the Personal Hotspot option.
- Select the WiFi password option to prevent unwanted devices from connecting.
8. Find WiFi in Your City
When you are exploring a new city or on a mission to find a location, internal city WiFi can be a big help. Many large cities around the globe offer free WiFi to those within a certain mile radius of the city’s center. These are some of the best cities on earth to pick up free WiFi.
- Malmö, Sweden
- Tel Aviv, Israel
- NYC, U.S.
- Seoul, South Korea
- Bangalore, India
- Osaka, Japan
- London, U.K.
- Dublin, Ireland
- Paris, France
- Florence, Italy
- Vienna, Austria
- Perth, Australia
- Barcelona, Spain
9. Join a Community
Lastly, before embarking on your journey, you may want to consider joining a community. With an app like Instabridge, you can find crowdsourced WiFi connections all in one place. WiFi communities help you connect with others who have been to your locations and rated the WiFi quality. This is a good way to plan ahead if you’ll need WiFi for more than a few hours.
10. Connect to a Hidden Network
You can also use tools like NetSpot. Once a hidden network is identified and you’ve located the SSID, type of security used, and password, here’s how you connect to it:
- Open Settings.
- Choose Network and Internet.
- Select WiFi from the left menu.
- Choose Manage Known Networks.
- Select Add a new network.
- Enter the SSID, select the security type and enter the password.
- Select Connect Automatically to connect to this network whenever it is available.
- Open WiFi application.
- Scroll to the bottom of the list and then click on Add WiFi.
- Add the WiFi network name from the router.
- Then select the encryption type in Security, e.g. WPA-PSK, WPA2-PSK.
- Enter the password and click connect.
- Go to Settings > Wi-Fi and toggle Wi-Fi on.
- Select Other and enter the SSID in the Name bar.
- Select the Security type, e.g. WEP, WPA.
- Tap Other Network to return to the previous screen.
- Enter the network password in the password field and click Join.
- Click on the WiFi icon at the top right of your screen next to the power icon.
- Select Join Other Network near the bottom.
- Type in the hidden network SSID in the Network Name field.
- Choose the Security type.
- Select Remember This Network if you’d like your computer to connect each time.
- Click Join.
How to Stay Safe on Public WiFi
As you can see, there are a variety of ways you can find yourself free WiFi. Whether you are on vacation, traveling to see family during the holidays or on a business trip, the internet is essential to stay connected. While public WiFi may be convenient, it’s important to be cautious when connecting. One of the most foolproof ways to stay safe on public WiFi is with a VPN. A VPN encrypts your data, hides your location and allows you to surf the web anonymously.
Other ways to stay safe:
- Use HTTPS sites only
- Refrain from accessing confidential data (e.g. bank account)
- Give a secondary “spam” email for sign-ups
- Avoid performing online transactions
- Cover your keyboard when entering any passwords or credentials
- Install an antivirus that includes parental controls for kids accessing public WiFi
- Always make sure paid WiFi is legitimate and use a third-party payment system
- Keep antivirus up-to-date