- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
The GDPR requirements will force U.S. companies to change the way they process, store, and protect customers’ personal data. For example, companies will be allowed to store and process personal data only when the individual consents and for “no longer than is necessary for the purposes for which the personal data are processed.” Personal data must also be portable from one company to another, and companies must erase personal data upon request.
That last item is also known as the right to be forgotten. There are some exceptions. For example, GDPR does not supersede any legal requirement that an organization maintain certain data. This would include HIPAA health record requirements.
What could be a challenging requirement is that companies must report data breaches to supervisory authorities and individuals affected by a breach within 72 hours of when the breach was detected. Another requirement, performing impact assessments, is intended to help mitigate the risk of breaches by identifying vulnerabilities and how to address them.
For a more complete description of GDPR requirements, see “What are the GDPR requirements?”.
Archive for Security
Facebook will try to guilt you into staying by showing you photos of your Facebook friends, and then asking you why you want to deactivate your account.
also if you are smart enough to find that screen, i’m pretty sure there is no way you “don’t understand how to facebook”
But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services?—?not just federal law enforcement officials?—?who are then selling access to that data.
Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.
Google learned American racism and amplified it back at all of its users.
Spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discrete data collection.
Seems to be the only way to make money on Android phones not from Samsung.
The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now
Having gained full control of the compromised account, the hijackers exploited a feature that allows Twitter to recycle unused usernames. After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address.
If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government. Learn more
So I go to publish an app in the AppStore today and this ^ pops up, let that sink in for awhile
Reader has mostly languished over the past few years, but in iOS 11 and MacOS High Sierra it’s back in the spotlight, and it’s gotten a wide-reaching upgrade. You can now set Reader as the default mode for “every web article that supports it,” which will potentially turn a lot of articles into something that looks more like a PDF than graphics-laden web page. (Previously, you had to first load the site and then toggle into Reader, which at least gave ads a chance to show up before you bid them adieu.)
As for U.S. citizens, border agents can’t bar them from entering the country even if they refuse to share social media activity or other information from their phones. But they do have the power to detail Americans in “secondary inspection” and to confiscate devices.
Google has begun using billions of credit-card transaction records to prove that its online ads are prompting people to make purchases – even when they happen offline in brick-and-mortar stores
The new credit-card data enables the tech giant to connect these digital trails to real-world purchase records in a far more extensive way than was possible before. But in doing so, Google is yet again treading in territory that consumers may consider too intimate and potentially sensitive.
Privacy advocates said few people understand that their purchases are being analyzed in this way and could feel uneasy, despite assurances from Google that it has taken steps to protect the personal information of its us