Category Archives: Impact, Risk and Measures

UK institutional “data breach” … HSCIC asks for an inconsistent consent …

A recent decision of the Information Commissioner’s Office (https://ico.org.uk/) has manifested a fear that for years affected the UK (and not only) and that it is the focus of the discussions between the associations for the protection of clients/patients/data subjects. The above document states that the British “Data Controller” has experienced an anomaly related to… Read More »

Cyber Crime and Compliance at Milan Politecnico

The headlines go to the Cyber Crime attacks, but ultimately the Compliance remains the main expense leverage in IT security, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More »

Cybersecurity Report 2016 – Public consultation

Around a year ago, following a public consultation of more than 500 contributors, the national Cyber Security framework was published, enriched through time with new support tools: http://www.cybersecurityframework.it/contenuti-di-supporto-al-framework A year later a new public enquiry was launched, concerning safety checks of Cybersecurity Report 2016, to which its is possible participating by February 3rd 2017 visiting… Read More »

GDPR guest star at Politecnico University

Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) has anticipated some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »

Notification to the supervisory authority

GDPR (Privacy European Regulation) does not require “notification to the supervisory authority” for special data processings. Such notification was required by previous Directive 95/46/CE. In fact, notification of special processing processings is considered an obsolete tool and, as written in introductory clause 89, “did not in all cases contribute to improving the protection of personal… Read More »