TuneIn no longer has BBC Radio

BBC Tunein

From September 20th 2019, the TuneIn service will no longer supply streams from the BBC for any of it’s radio stations.

This means that users of Amazon Alexa might not be able to listen to BBC stations without making some changes.

The BBC made the decision to end its partnership with TuneIn in August, stating that TuneIn had no means to allow BBC users to log into their accounts, and did not provide sufficient data back to the BBC on what users were listening to.

When we make our programmes available via third parties, we ask that those platforms either allow you to sign into your BBC account – or provide us with meaningful data directly. Unfortunately, TuneIn doesn’t do either of these, so we couldn’t reach a data sharing agreement with them.

Kieran Clifton, BBC Distribution & Business Development Director
https://www.bbc.co.uk/blogs/aboutthebbc/entries/37e4e3f6-fbd2-4c14-8d72-7f7139641582

The BBC radio stations will still be available on Android and iOS via the BBC sounds, BBC iplayer and the Radioplayer app, SONOS users will still be able to user TuneIn to receive BBC stations as no easy alternative is available. Amazon Alexa users will need to use the new BBC Alexa skill to access BBC Stations.

Wi-Fi 6 is coming (did you even notice Wi-Fi 1-5?)

WiFi 6 Icon

The Wi-Fi Alliance have released details of Wi-Fi 6 certification program, meaning manufacturers of Wi-Fi devices can start to implement the new standards.

Wi-Fi 6 is the first Wi-Fi standard to use the simpler naming scheme (although this is only on the consumer side, it’s still technically IEE802.11ax)

Previous versions of the Wi-Fi standards are going to be retro-renamed Wi-Fi 5 (802.11ac) and Wi-Fi 4 (802.11n) to help consumers identify which standard devices are manufactured to.

WiFi 6 Lozenger

What will Wi-Fi 6 give me?

For the average home user, the main benefit will be speed. Wi-Fi 6 will boast speeds upto 9.6Gbps (the existing Wi-Fi 5 801.1ac is rated at a maximum of 3.5Gbps) Obviously it’s extremely unlikely that you’ll ever connect at those speeds, but we expect average connection speeds to be about 30% – 40% better than on a Wi-Fi 5 router. Remember that the average internet speed to homes in the UK is about 54.2Mbps

For busier locations such as businesses, public hotspots and so on, the benefits of Wi-Fi 6 will be much more dramatic. The main aim of Wi-Fi 6 is to increase connectivity and reliability between router and device, amd be more efficient about how it keeps you connected.

Technology designed for multiple device access such as MU-MIMO and OFDMA is included in the specification, meaning more devices can be connected and receive high bandwidth data simultaneously, and more data can be sent in a single burst. As the number of IoT (Internet Of Things) devices in our homes increase, these technologies will help keep your home Wi-Fi ‘clutter free’

Also, the new Wi-Fi 6 standard is designed to be battery efficient, meaning your mobile devices won’t heat up and drain the battery while you stream from a Wi-Fi 6 access point.

Techspot have a great article here listing the technological developments of Wi-Fi 6, including what is meant by MU-MIMO, OFDMA, QAM, OFDM and many more geeky terms!

What if my device is not Wi-Fi 6 compliant, do I need to upgrade?

Nope. As with all Wi-Fi certified devices, backwards compatibility is built in, so if you’re using a phone that’s Wi-Fi 5 compatible (nearly every recent phone will be) and you connect to a Wi-Fi 6 wireless point, the router will recognise your device’s level of compatibility and use Wi-Fi 5 instead. Likewise if your phone is one of the few Wi-Fi 6 compatible phones, it will identify the compatibility of the Wi-Fi access point and use the appropriate settings.

There are already Wi-Fi 6 compatible phones?

Yes, the Samsung Galaxy S10 was the first Wi-Fi 6 phone to hit the market, Apple’s iPhone 11 will also support the standard. To compliment those, routers from cisco, Netgear, Asus and TP-Link have also been released with Wi-Fi 6 compatibility.

Bank Transfer Fraud

tinsleyNET Fraud Awareness

The number of Authorised Push Payment Scams such as malicious redirection, where change of bank details are received from an apparently genuine sender, is on the rise.

We look at some of the common ways fraudsters use this to defraud people and businesses, and what you can do to help spot the fraud.

Bank Transfer Fraud

Compiled details from UK Finance, Which, ActionFrauf and FinanceWatch
Looking at Authorised Push Payment Fraud (APP) Malicious Redirection for 2018 only.

tinsleyNET Fraud Prevention


Number of reported APP(MR) reported :
7,544 Of which…
3,280 were against businesses.
A total of 9,898 payments were made, indicating a number of times, multiple fraudulent payments were made before the fraud was noticed.
Sum of losses:
£123,700,000 Of which…
£92,700,000 was from businesses.
£31,000,000 was from individuals.
Sum of money returned to victims:
£36,000,000 Only about 30% of the total money stolen in APP(MR) fraud is recovered.
Average Loss:
£20,750 Average loss in APP(MR) fraud directed at businesses.
Other financial frauds reported
Romance Scams £5,000,000
Impersonation Scams £22,000,000
Advance Fee Scam £6,000,000
CEO Fraud £8,000,000
Investment Scam £20,000,000

Link to more details:  https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202019%20-%20FINAL%20ONLINE.pdf 

Protection against Authorised Push Payment Fraud

There’s a voluntary code that banks can subscribe to, aimed at helping victims of APP fraud to get their money back if the APP was to another UK account. But that’s all, so having internal security procedures in place is essential.

Even if your bank does subscribe to this voluntary reimbursement policy, having some simple internal procedures in place can help prevent the fraud from happening in the first place. If you are still the victim of APP fraud, having documented procedures could show that you did take procedures to validate the payment first.

What to do if you’re a victim of APP Fraud?

First of all, you should gather all the documents relating to this transaction, include emails, letters and logs or telephone calls.

Next you should contact your bank. Find out if they are subscribed to the code for reimbursement, and report the fraud to them. If your bank refuses to help you or takes more than eight weeks to respond to you, you can contact the Financial Ombudsman Service via their website http://www.financial-ombudsman.org.uk/consumer/complaints.htm or by phone 0800 0234567

You should then report the fraud to the police via their Action Fraud service either on the internet at https://www.actionfraud.police.uk/ or by phone on 0300 123 2040

tinsleyNET IT Servces Consultants #WeCanHelp

#WeCanHelp

We can help you put procedures in place that will help protect you or your business from APP and other financial frauds.

Top Tips

  • Protect your information.
    Sometimes, details used to commit APP comes from details found in the bin. Make sure you shred any documents with personal details on (even your name and address) before putting them in the bin.
  • Check Statements
    With so many bank accounts being paperless now, it’s easier to forget to download a copy of your statements and check them, but put a recurring reminder in your calendar to do this. Notify your bank or credit card company if you notice any unusual transactions, however small they are.
  • Redirect Mail
    If you move house, make sure you notify all the organisations who have your details. And put a Royal Mail redirect in place to forward any missed mails to your new address.
  • Double check any changes of details
    If you’re expecting an invoice or to transfer any sum of money, especially if it’s a large sum like buying a new house, and you get a letter, email or phone call advising you of a change of bank details – double check it, always! Call the recipient on a number you know you can trust (not one in the letter or email) and ask if it’s genuine, then ask for their old bank details so you can check they match what you have.

Commodore 64

Commodore C64 Retro

The Commodore C64 was released in January 1982 and sold about 17 million units, making it one of the most successful computer models of all time.

And now it’s back!

THEC64 Logo With White Lozenge RGB

RetroGames are going to be re-releasing a full sized C64 in December 2019. The unit will be able to emulate the C64, and it’s predecessor the VIC20, but unlike the original devices that had a 320 x 200 (16 colour) raster display, the new units will support HDMI output at 720p.

In the pack you’ll get a joystick and 64 pre-installed games (no more waiting for the game cartridges to load) with the option to boot to BASIC.

C64 Boot time animation

So, who’s up for a game of Boulder Dash, Monty On The Run or Spindizzy?

Find out more and pre-order for Christmas here https://retrogames.biz/the-c64

Holiday Scams

Malta Beach

A recent report from ABTA stated that in 2018, nearly £7million was lost to holiday fraudsters from UK holidaymakers.

Common scams

Bank Transfer Fraud

Information from ABTA, Action Fraud and Get Safe Online

Sun

Number of reported holiday related scams :
Over 5,000

Average individual loss per person:
£1,380

Largest individual loss:
£425,000

Total amount lost to holiday scammers:
£7,000,000

Link to more details: https://www.abta.com/news/new-report-reveals-seven-million-pounds-lost-holiday-booking-fraud 

With holidaymakers looking to secure a cheap family holiday, the temptation to use less reputable websites offering deals to popular locations is great, and that’s where the scammers spend most of their time.

Airline Tickets

Over half of the reported scams were related to the sale of airline tickets. The largest single loss per individual was in August 2018 with an individual losing £425,000 in a scam.

While beach holidays are included in the airline ticket scams, as most people still use package holidays this is less lucrative for the scammers. Instead they target people booking just flights to visit friends and family in destinations like Africa and India.

Religious trips are a particular target with individual losses of £10,000 per person being reported.

The UK has specific regulations in place governing the sale of airline tickets, if your sales don’t comply to these regulations, it’s highly likely that they are going to be a scam.

Accomodation

A quarter of the scams reported were related to accomodation.

Professional looking websites offering up-market villas for rent in popular locations such as France, Spain and mediterranean islands use photos of genuine villas but without the permission or knowledge of the owners.

Fake Websites

Fake websites are so professional looking now that it’s difficult to tell them from genuine pages.

Check the website address your on, TUI’s website www.tui.co.uk is genuine, www.tui-ukdeals.com is not. Head over to GetSafeOnline to get more tips on identifying fake websites.

“The cost to victims is not just financial; this crime causes very real emotional distress. Fraudsters are using increasingly sophisticated methods to target destinations and times of year when demand is high and availability limited, as they know people will be looking for good deals. As victims often find out just before they travel or even in resort that they have been defrauded, it can then be very difficult and expensive to obtain a legitimate replacement booking compounding the financial costs and emotional distress suffered by victims.”

Mark Tanzer ABTA Chief Executive
https://www.abta.com/news/new-report-reveals-seven-million-pounds-lost-holiday-booking-fraud

Top Tips

  • Reviews. Do some research, don’t rely on a small handful of reviews. The scammers will often try to flood review sites with fake reviews, look for posts that appear fake.
    If it is a scam, there’s a good change other users have posted details of their experience with them.
    If you have a bad experience with a company, leave comments with honest reviews for others to read, but remember that what some people might feel is a fraud, others might accept as part and parcel of the experience.
  • ABTA. Check a company is registered on the abta website www.abta.com
  • Pay Safe. Use your credit card to pay for bookings, be wary of requests for payment by bank transfer.

Websites

Report any fraud you suffer to the Police at Action Fraud http://www.actionfraud.police.uk/

Expert advice is available at Get Safe Online: https://www.getsafeonline.org/shopping-banking/holiday-and-travel-booking/

Find more tips from ABTA: http://abta.com/fraud

FaceApp

FaceApp Icon

You can’t have helped but see the FaceApp images appearing on people’s social media, photos edited by AI to make them look older, younger or to swap genders.

You’ve probably also heard that the app is stealing your data in the background and uploading it to Russian servers.

We take a look at the app and dig into what it’s actually doing with your data.

The App

FaceAppMockup

FaceApp is available on Android and iPhone, the website is https://www.faceapp.com
Privacy policy is https://www.faceapp.com/privacy

FaceApp was first released in 2017.

The app is available as a free download, with limited functionality, and a pro version with more filters to use.

FaceApp uses AI to manipulate images, making the subject look older, younger, add a smile and so on.

Why does Russia want my data?

A tweet from an app developer suggested that FaceApp was uploading massive quantities of photos from users phones without their permission, this was later quoted in an article on 9TO5Mac and other publications, unfortunately they didn’t actually check if the facts were true.

So just to help clear things up, the app is NOT stealing your data, well not in any way that Apple and Google are already doing.

FaceApp Older

What is the app doing?

The app will upload images to their servers, but only the ones you send for the AI to edit. No background uploading takes place, and only the individual photos you select are sent.

Using cloud servers to process the images will help keep the app size down, increase the speed of the image AI processing and helps keep their AI technology away from prying eyes.

The servers your photos are sent to appear to be based in America, although the company that makes FaceApp is based in Russia. This is not uncommon, as server costs and reliability in America are likely to be better than Russian based server.

The company states that most photos are removed from their servers after 48 hours. Like many other companies, they have a term that states any images sent to their servers may be used by them, royalty-free. Some may find it worrying that their photos might be used to promote this app, but this is not an unusual term in such situations. Twitter has similar terms in their usage T&C’s for example.

It’s likely that the images you send for processing are being used to help improve the AI technology used. Some have suggested this could be used to improve facial recognition algorithms, but In a statement to the BBC the firm’s chief executive, Yaroslav Goncharov, said “No, we don’t use photos for facial recognition training, Only for editing pictures.”

A French security researcher looked into what the app did when you used it, the technical details can be read in his twitter thread here: https://twitter.com/fs0c131y/status/1151270788357603328

How accurate are the FaceApp results?

There’s an article on the BBC News website where they test the app using some well known celebrities, such as Arnold Schwarzenegger, Morgan Freeman and Sir Ian McKellen – you can judge for yourself the quality of the results.

FaceApp Younger

Strava V Relive

Combined Relive Strava Logo

What’s happened?

Early in July, users of Strava and Relive received emails from the services announcing they had broken up. Relive would no longer be able to access Strava users data.

Strava

Many of us at Strava have enjoyed using Relive over the last few years, but because of Relive’s recent updates, unfortunately we have decided to end this integration. The current version of Relive violates several of the terms that we ask of API partners. These terms are in place to safeguard your personal information, to ensure a level playing field for all our partners, and to protect what makes Strava unique. We’ve worked hard with Relive to try to fix this, but they have ultimately chosen not to make the changes needed to honor their agreement. So as of today, Strava will no longer send your activities to Relive for playback.
Rest assured, nothing’s changed about how your information is stored or the control you have over how it’s accessed by API partners. And we remain deeply committed to helping our many API partners build experiences that make your workouts and races even better. 
As always, thanks for being a part of the Strava community, 
The Strava Team

Strava Support, July 8th 2019
https://support.strava.com/hc/en-us/articles/360030429332-An-update-on-our-integration-with-Relive

‘The Strava Team’ sent out the above statement stating that due to recent updates on the Relive platform (presumably the new social media additions) they broke the rules of Strava’s API.

The API is a set of rules that allow a third party, such as Relive, to securely and legitimately access the data held in the Strava database.

They stated that, while Strava have tried to work with Relive to fix the problem, the Relive team had chosen not to make the changes needed.

In a further statement, Strava said;

“We have strict standards for how our API partners utilise our member data. We deeply respect the trust of our member community and expect our partners to do the same.

“Relive’s current use of Strava member data violates our API agreement and we have ended its integration with Strava. We are disappointed that Relive was unwilling to make the changes necessary to comply with the agreement.”  

Relive

Strava broke up with Relive 💔
 
So, this sucks… Strava decided to no longer work with us. After launching our first social features, we received a very unexpected message threatening to pull the plug.

We then tried to call, email, and talk this out with Strava. No response. It’s sad to see them suddenly go, and we’re bummed about this.

Nothing has changed about how Relive uses and protects your data, or how we use their API. We believe this is your data, and you should decide how it’s used. After all, it’s your legs doing all the work!

Email from Relive 11/07/2019

The Relieve team state that, after adding social features to their platform, Strava unexpectedly contacted them threatening to disable their access to the Strava API.

Relieve go on to say “Given our long-term partnership, we immediately rolled back the changes like they requested. We then tried to call, email, and talk this out with Strava. No response, except for new ultimatums and threats about our existing features they’ve applauded for years.

The full Relieve statement is here https://www.relive.cc/strava?hl=en

So what do we think really happened?

Obviously the two accounts given out by each side are contradictory. Each side blaming the other for not cooperating, but there are some clues as to what may have actually happened to cause this split.

ReliveStravaBlackmail

In June this year, James Quarles, the CEO of Strava, held a media event discussing the future of the Strava platform.

They have 42 million accounts, and they are looking to expand on that, they want to own the social fitness market.

Strava will start targeting non-GPS sports like yoga and fitness machines, and along with that they are looking to add more social tools to the platform.

We think Strava plays a role for people not just when they’re recording an activity but before and after, right?

You can find routes, you can find groups to join, people to go with. Then, once you post the activity, you can talk about it, post photos, tag friends, and memorialize and relive the event.

Strava wants to be the home of your active life, Strava wants to be the dashboard for tracking your fitness, a calendar for inviting friends to work out, a feed for you to follow others’ activities, a blog for your race reports and photos, and a message board to ask for recommendations on a new pair of trail-running shoes. In the process, Strava’s goal is to cement itself as “the next great sports brand of the 21st century,”

James Quarles, Strava CEO
https://www.outsideonline.com/2395489/strava-james-quarles

It’s likely that Strava are planning on rolling out more of their own social tools, making the platform much more ‘Facebook like’ and they saw the features on Relive as a threat to their own, it may even be that Strava is planning on rolling out it’s own Relive-type mapping features.

It certainly looks like Strava was using the size of its user base to try to control what and how other services operate to protect its own interests.

But why the change? Strava has a massive user base and it’s investors are more than likely looking to turn that base into a revenue stream, so expect more ‘premium features’ more advertising and more use of your data.

So did Relive break the Strava API rules? probably, but not in any malicious or dangerous way (and probably not in any way that a host of other, smaller, Strava connected apps have)

Did Strava try to cripple Relive? again, probably. If they see Relive as a threat it makes sense to nip them in the bud at the earliest opportunity.

Other Fitness Apps

Why is everyone on Strava? well they’re not, or at least not ‘just’ on Strava. It became a meeting place for users of other disconnected apps to sync their data to and compare and compete. The use of Strava segments pushed the platform forward, but it lacked so many niche features other platforms offered.

So if you’re looking to move your data away from Strava, what are the options?

Under Armour has acquired several apps that can work together or as stand alone apps, MyFitnessPal, Endomondo and MapMyFitness. The suite of apps has about three times as many users as Strava, with more finessed tools and less emphasis on social ‘chit chat’

ASICS own Runkeeper, one of the first fitness apps. It’s got 50 million users and is well established in the elite fitness area.

Garmin Connect has a user base about the same size as Strava, but is just for users of Garmin fitness products.

GoogleFit, Apple Health, MSN Fitness, Fitbit and Samsung Health are all well connected alternatives, allowing you to share your fitness data to to other platforms.

There’s a great review of some of these apps here https://www.pcmag.com/article/334976/the-best-fitness-apps-for-2019

Why was British Airways fined so much?

British Airways Logo

Last year, British Airways suffered a data breach that resulted to the details of hundreds of thousands of its online user’s details being stolen, including email details and credit card details including the 3-digit security code from the back.

Read more

GDPR 1 Year On

GDPR General Data Protection Regulation

May 25th, 2018

The GDPR came into force on the 25th May, 2018. From that point onwards, any organisation around the world processing data relating to European citizens had to comply with the new data security laws

GDPR 1st Anniversary

Information from the European Data Protection Board (EDPB) report published in February 2019

GDPR General Data Protection Regulation Logo

Total fines issued:
€55,955,871

Number of Data Breaches reported by a data controller:
64,684

Individual complaints received:
94,622

Full report: http://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/LIBE/DV/2019/02-25/9_EDPB_report_EN.pdf 

GDPR vs. Global Brands

Many tech giants set their European headquarters in the Republic of Ireland. Facebook, Google, Apple, Microsoft, Twitter, Dropbox and many more fell under the GDPR as applied in Ireland.

The Irish Data Protection Commission said that in the first year of GDPR, the subject of most data investigations involved the tech giants, with Facebook and it’s brands Instagram and WhatsApp being the most investigated.

Google has already received a £44,000,000 fine from the French data regulator CNIL for it’s handling of personal data in targeted advertising, it is also facing another investigation from the Irish DPC for similar offences.

The tech giants, along with everyone else, had two years notice of the new regulations, but it appears many of them chose to make the minimal effort to adjust to the regulations.

In the USA, individuals have less robust data protection and privacy laws, and its thought that many global companies set the USA standards as the defacto standard. European GDPR sets the bar much higher and gives individuals much more control over the use of their data.

Information Commissioner’s Office

ICO Enforcement

Data taken from the ICO enforcement page May 25th 2018 – 12 February 2019

ICO

ICO Fines issued:
34 (£3,335,000)

ICO Actions Taken:
59

ICO Prosecutions against individuals:
9

Penalties issued to data controllers who have not registered:
103
  • 16 of those were for the maximum amount of £4,000
  • 18 of those were for organisations in the financial/pensions industry
  • Organisations in Construction, Manufacturers, Services and Health were also commonly fined
PECR Nuisance calls & messages reported:
51,314

…of those:
  • 26% were for accident claims
  • 15% were for broadband and telecoms services
  • 9% were for PPI
  • 8% were for computer scams
PECR Spam text messages
13,623
..of those:
  • 12% were for charities
  • 8% were for banking scams
  • 5% were for energy saving companies
  • 3% were for accident claims
PECR Automated calls:
13,623
…of those:
  • 40% were for accident claims
  • 17% were for broadband and telecoms services
  • 11% were for PPI
  • 8% were for Computer scams

Number of complaints about the use of cookies:
949

Some of these fines were a result of complaints made under the Data Protection Act 1998 before the GDPR came into force. The powers available to the ICO and the level of fines that could be issued were significantly lower under the old DPA.

 https://ico.org.uk/action-weve-taken/ 

The ICO is responsible for GDPR Compliance in the UK. If an organisation poresses personal data it is required to be registered with the ICO and to comply with the GDPR, regardless of size.

The ICO have stated that they are looking for organisations to develop on their compliance to include data security by default. This means that any changes or new functions within the organisation will include GDPR as part of the process.

Polish Data Protection Officer fines polish company €220,000 for processing the personal information of people without making them aware of the processing.

https://edpb.europa.eu/news/national-news/2019/first-fine-imposed-president-personal-data-protection-office_en

Data Protection Officers

DPO’s are a requirement for some organisations, and recommended for other smaller organisations. Organisations can make user of external third party DPO’s to help keep costs down and to being in the required experience.

Over 500,000 organisations registered DPO’s across Europe since the introduction of the GDPR

Data Protection Offices

Data taken from JAPP May 2019

GDPR General Data Protection Regulation

Estimated DPO’s:
500,000

Documented DPO’s:
375,000
  • 182,000 in Germany
  • 51,000 in France
  • 48,000 in Italy
  • 32,000 in the UK
  • 30,000 in Spain

Number of cases received by DPOs:
280,000

https://iapp.org/resources/article/gdpr-one-year-anniversary-infographic/ 

A (very quick) overview of what the GDPR is.

Personally Identifiable Data

Personally Identifiable Data is any information that can be used to identify an individual. Obvious data like someone’s name or customer reference number, and less obvious data like a photo, customer number or CCTV image.

Data Subject

The Data Subject is the individual that the personally identifiable data relates to.

Special Category Data

Some information falls under ‘special category data’ this information has extra precautions on it, such as needing explicit consent for processing it.

Special Category Data includes health, ethnic, religious, biometric and sexual information.

What is meant by ‘processing’?

How data is processed is the core of the GDPR. Processing data means any operation performed on data, such as collecting, storing, recording, organising, retrieval, transmission and so on. The data can be digital, paper based or in any other organised structure.

What consent is required?

If you’re collecting information, you need to give the data subject sufficient information about why you’re collecting the information, what you’re going to use it for and how long you’re hold onto it.

If you plan to use the data for a number of reasons (such as for sending marketing information and for processing an order) you need to give the data subject the option to select each use individually.

If you’ve acquired the data not directly from the data subject, you have a limited time to alert the data subject of how and why you received their data, where it came from, how you plan to use it and to give the data subject information on their rights.

If you’re processing special category data, you need to get explicit consent from the data subject before processing.

Not just consent

Consent is only one of a number of lawful basis for processing personally identifiable information. The GDPR give a number of alternatives that might be more appropriate for your situation.

What rights do you have?

As a Data Subject, you have the following rights to manage how your personally identifiable data is used:

  • The right to be informed
    You have the right to be informed about how and why your personally identifiable information is being processed.
  • The right of access
    You have the right to request access to any personally identifiable information any organisation holds about you.
  • The right to rectification
    You have the right to have accurate information processed. If an organisation has inaccurate information they are required to correct it.
  • The right to erasure
    You have the right to have information erased after it’s lawful processing has completed.
  • The right to restrict processing
    You have the right to restrict further processing of your personally identifiable information.
  • The right to data portability
    In some situations, you have the right to receive a portable copy of your personally identifiable information in a format that can be easily transported to a different provider.
  • The right to object
    In some situations you have the right to object to the processing of your personally identifiable data.
  • Rights in relation to automated decision making and profiling
    If data is being processed automatically and determining your eligibility for some service, you have the right to object to the automated decision making.

GDPR Myths

GDPR Prevents data sharing
This is not true, the GDPR does put security and precautions on how data can be shared, such as the type of data that can be shared, the reason for sharing, who it can be shared with and how the data subject needs to be notified. As long as the reason for sharing data is legal and legitimate and the data subject has been made aware of the share, and given the option to not have their data shared, it is fine to share the information.

American tech giants will ignore the GDPR
A lot of tech giants have their European headquarters in Ireland, the Irish DPA responsible for enforcing GDPR in Ireland is already investigating some of the big global names like Facebook and Apple. The French DPA have already issued a massive £44,000,000 fine against Google over it’s lack of transparency.

California have since released it’s own version of the GDPR, it’s the USA’s most comprehensive data protection laws, and it’s got a lot of support, there have already been calls for a GDPR like US-wide federal law protecting personally identifiable information.

Consent is required for everything
While Consent is a lawful basis for processing information, it’s not the only one. GDPR gives organisations several basis for processing personally identifiable information. You should make sure you’re using the right basis for your processing as ti can affect the rights that users have to their information.

You can’t use marketing emails
Under the GDPR, you need to make data subjects aware how you’re going to process their information. As long as the user chooses (opts IN) to receive marketing information, it’s perfectly fine to use their information in that way.

We don’t use computers, GDPR is only about digital information
The GDPR applies irrespective of the type of filing system you use. If you’re processing information that the GDPR covers, you need to be registered and compliant with the GDPR.

Other information that might be of interest.

Caldicott Report on the handling of medical information.
https://www.igt.hscic.gov.uk/Caldicott2Principles.aspx?tk=436113758099715&lnv=18&cb=3dc43b21-7fd7-4897-af04-0c027c7dd4a3

Windows 10 1903

tinsleyNET #WeCanHelp

May update

Windows 10 update 1903 has been rolling out to devices for a few weeks now, so here’s a quick insight into some of the new and changed features it provides. It’s a big update so set aside some time before installing it, and make sure your device is plugged in and charging!

More details about this update can be found here.

Read more