Public bodies must prepare for new data protection laws

Public bodies must prepare for new data protection laws now, warns the Society of Information Technology Management. The incoming General Data Protection Regulation and new EU-US Privacy Shield arrangement will introduce major changes for the management of personal data, with penalties for non-compliance. Data subjects will be able to request that their data be deleted or transferred between different storage providers, and additional consent requirements will apply. Public bodies must address these issues now to ensure that processes are in place to deal with the new obligations.

Click here to view the original article featured in Computing.co.uk.


Mossack Fonseca: Panama Papers "hacked"

Leaked data from Panamanian law firm, Mossack Fonseca, sent shockwaves across the international community earlier this week, as tax affairs of some of the world's wealthiest and most influential people were revealed. The consequences of the breach are huge, and regulatory authorities across the globe are on the hunt for financial wrongdoing, with numerous high-profile figures implicated. Iceland's prime minister, Sigmundur Gunnlaugsson, has resigned after his undisclosed ownership of an offshore company was exposed and David Cameron was forced to explain his tax affairs following leaked documents concerning his father's offshore funds, which were released last week.

The cause of the leak is unclear but Ramon Fonseca, founding partner at Mossack Fonseca, has denied the existence of an internal whistleblower. He stated, "We rule out an inside job. This is not a leak. This is a hack." This recent episode once again demonstrates the enormous impact of data breaches and the fragility of privacy rights in the modern age. The full extent of the damage to those involved, including to the business of Mossack Fonseca, is yet to be seen. Following this latest high-profile breach, and with data breaches becoming increasingly common, all companies storing personal data must question whether the security they have in place is adequate.

Click here to view Computer Weekly's coverage.

A statement from Mossack Fonseca is available here.

WhatsApp invests in further layer of encryption for messages

WhatsApp has announced that messages, calls, images and photographs sent on its application will now benefit from end-to-end encryption. Data will only be accessible by the sender and the recipient. Third parties (whether they are law enforcement agencies, hackers or criminals) will be unable to intercept communications. Hailed by Amnesty International as a "huge victory" for free speech, this significant development creates some interesting issues. It will now be extremely difficult for WhatsApp to comply with any law enforcement requests to share data, as WhatsApp itself cannot access the messages. This escalates the growing tension between government surveillance and technology security. Further to this, the Investigatory Powers Bill, currently being discussed by the UK Parliament, could require companies to store online communications for 12 months. It has been suggested that WhatsApp could face a UK ban if it were unable to comply with the new law.

BBC News coverage of the story is available here.

Reddit deletes 'Warrant Canary' 

Privacy advocates and Reddit users have highlighted growing concerns surrounding the recent amendment made to Reddit's transparency report (a statement which indicates what requests for information the company has received). The "warrant canary" paragraph, which has disappeared from the site, had stated that Reddit had not received any national security letters, which are used by the FBI to gather data without obtaining formal court approval. Invariably, national security letters are accompanied by a suppression order, restricting the information that the company can release about the request. This creates a minefield for companies, which must strike a balance between communicating with their customers and complying with government orders: the Reddit CEO said, "I've been advised not to say anything one way or the other".

Click here to view the original article from Reuters.