The ICO have issued a fine of £500,000 to Facebook in light of serious breaches of data protection law. This was the maximum fine that could be issued under the Data Protection Act that was in place at the time of the breaches, under GDPR the fines could have been considerably higher.
Facebook have been found to have processed the personal information of users unfairly, notably allowing developers access to personal information without sufficiently clear and informed consent. Access was even granted to users information who had not downloaded the app, but were friends of users who had.
Additionally, Facebook failed to make suitable checks on the apps and developers using their system. One developer was able to harvest the personal information of up to 87 million users worldwide, without their knowledge.
After the Cambridge Analytica story broke and the breach of data protection was identified, Facebook failed to manage the breached data, waiting almost 3 years before suspending some developers access to the system.
Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better.
Elizabeth Denham Information Commissioner
General Data Protection Regulations
Data Protection Act 2018
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal Information is any information that can identify an individual, such as employee names, customer id’s or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.
A recent survey of full-time employees highlighted the gap between company IT security policy and the awareness and effectiveness of that during day-to-day practices. Read more
There’s a growing awareness of the importance of keeping your information secure and many people are now looking at ways to protect their internet communications. With Google upping the standards on secure HTTP connections and the GDPR re-emphasising the importance of protecting information both in your care and during transport, attention has been turned to the insecure, ubiquitous, e-mail.
Facebook now say Cambridge Analytica had access to 87 million accounts
“It is reasonable to expect that if you had that [default] setting turned on, that in the last several years someone has probably accessed your public information in this way“ Mark Zuckerberg (BBC News)
Mark Zuckerberg has said that 1.1 million of the accounts improperly accessed by the political consultancy were from UK based users. He said that some malicious services had used a facility that allowed them to link the public profile of a user to an email or mobile phone number acquired elsewhere. Read more
As we roll on towards the European Union General Data Protection Regulation early next year, it’s becoming even more important for companies of all sizes to tackle data security within their structure. Small businesses may have a simpler organisational setup but lack the required skills and resources to manage their data within the new regulations framework, and medium sized enterprises might have some in-house IT skills, but a massively more complex data structure and processing setup that are adding to data security issues. Read more
Being able to plan for every eventuality would be a massive undertaking, so complex that you would spend all your time planning for the worst and not actually get anything else done.
But not planning enough could be your downfall if something unexpected goes wrong. So there needs to be a compromise, how much security and planning is enough?
Individuality
The level of security you need to take is completely unique to your business and your needs. But there’s one thing for sure, the security you need can not be bought pre-packed in an off-the-shelf solution, not if you want it to actually work.
What is security?
What do you think of when you consider the security you need?
For some it’s about personal security, either for yourself or a vulnerable relative, others might think of property security such as CCTV, dash-cams, digital door locks and remote entry systems. Then there’s digital security and that can encompass a wide range of things such as networks, documents, photos and portable devices.
Precious Data retention Keeping a secure and effective backup of your precious data, be it corporate accounts files or the irreplaceable photos on your phone, we all have precious data that needs looking after.
Company Network Security With so many data breaches being reported on the news it’s impossible to not be aware of the damage to your companies reputation a breach of data could cause.
Was the breach from outside your company or from inside?
Was the data protected under the law?
Who do you need to notify?
How can you prevent it happening again?
How can you meet expectations?
Home Network Security The security of home networks is just as vital as the security of business networks. Your home network could be breached for a number of reasons; to infect home devices with malware, to steal data and information, to take over your network connected IoT devices
Personal Device Security The security of your personal devices, such as smartphones and tablets, is even more crucial now that so much personal information is being stored on them, along with all your photos.
Identity Security Protecting your identity is key to all security, having the correct privacy settings in place on social media is only the start. You need to be aware of all the methods being used to scam users, from fake profiles to fraudulent apps, making sure you know what you’re clicking before you click is paramount.
#WeCanHelp
Whatever your security needs, we can design and deliver the solution to meet them.
From home users to corporate networks, we can supply you with the most efficient security solution to help keep you, your company and your precious data safe.
It’s no good dwelling on the fact that you should have had backups of that critical data when the hard disk drive containing the only copy has started making funny noises and is refusing to work.
Try to minimise damage
Hard disk drives have mechanical moving parts just like a needle and arm on a record player (not sure what a record player is? please don’t make us feel that old!!) so at the first sign of something going wrong, stop trying to use the disk. Immediately.
If you know how to, unplug it from the computer and handle it carefully.
Data can probably be recovered from a hard disk with a faulty actuator arm or damaged read/write heads, it can’t be recovered from a hard disk that’s had the heads repeatedly scratched all over the surface of the disk.
SSD
Modern solid state drives are a different matter, no moving parts to worry about, but also no physical medium that can be searched for missing data. That’s not to say that your data is absolutely lost, but getting the drive assessed quickly is paramount.
#WeCanHelp
If you have a hard disk that’s stopped working, unplug it if it’s external, or turn off the PC/laptop that it’s in then contact us immediately.
It could be a fault on the power side of the hard disk, and so recovery of the data should be fairly easy, but if there is damage to the internal read/write mechanism, it will need to be opened in a specialised clean room and the platters removed by professionals.
If you’ve accidentally deleted data from a device, stop using it to try to preserve the data, turn it off and then contact us.
