Organizations voluntarily creating big public data breaches are rare. Recently it became widely known that the Public Transport Victoria (PTV) published a dataset of possibly over 15 million users. It was “anonymized”, but PTV may now still face a $336,000 data protection fine. How did this happen? Data Science Read More
It is not often when a major product used by millions rolls out changes reducing the privacy posture. Google Chrome is a recent example. The newly released version 69 automatically signs-in users into the browser whenever the user logs into a Google Service (e.g. Gmail); the change also makes Read More
It is surprisingly difficult to find realistic, interesting and creative privacy case studies. It is perhaps even more difficult in the case of major software. There are no proper motivations for making this kind of work public (employees often paid to do some kind of work in-house; their compensation typically Read More
By now everyone should be familiar with the phenomenon of massive data breaches. It’s no longer news when you can read about private data leaks and breaches in daily press on a regular basis. It’s a trend that one must accept. It just happens. But I find it Read More
Data Protection Impact Assessment (DPIA) is a useful tool that can help organizations to understand the risks related to processed data. DPIA helps to find the right balance and proportions, identify risks, assess the necessity and proportionality and generally help with risk management. Due to the European General Data Protection Read More
Users of public transportation are mainly interested in one thing: getting to the right place conveniently and fast. So do I. Public transportation systems around the world struggle with maintaining their systems as efficient as possible. Transports for London (TfL) is perhaps in the avant-garde here. They are on the Read More
When is Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) necessary and mandatory according to the General Data Protection Regulation (GDPR)? So far there has been a lot of ambiguity surrounding the issue. I previously wrote about the DPIA guidelines (and its challenges) suggested by the Privacy Commission Read More
One of the most important cultural change companies and organisations are beginning to face is the need of systematic inclusion of privacy and data protection in technical and organisational frameworks. A crucial aspect of these changes is the need of conducting Privacy Impact Assessments (PIA) and Data Protection Impact Assessments Read More