NCCoE page at https://www.nccoe.nist.gov/mobile-device-security
with
- MITRE Att&ck mobile matrix at https://attack.mitre.org/matrices/mobile/
- NIST mobile threat catalog at https://pages.nist.gov/mobile-threat-catalogue/
Germany: DPAs publish checklists for web hosters as data processors
The DPA for Berlin, as well as the DPAs for Niedersachsen, Rheinland-Pfalz, Sachsen, Sachsen-Anhalt and Bayern (LDA) b, are starting a coordinated inspection on the contracts between several web hosters and their customers.
To encourage data controllers to conduct their own checks, the DPA is publishing the following material:
- Checklist – https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/themen-a-z/a/2022-BlnBDI-Checkliste_Pruefung_AVV_v1.0.pdf
- Guidance on filling out the checklist – https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/themen-a-z/a/2022-BlnBDI-Checkliste_Pruefung_AVV_v1.0_Ausfuellhinweise.pdf
Article with comments: https://www.cr-online.de/blog/2022/07/19/aufsichtsbehoerden-veroeffentlichen-checkliste-zur-pruefung-von-auftragsverarbeitungsvertraegen/
Denmark: City prohibited to use some Google services
Z-Inspection®: A process to assess trustworthy AI
.. with research paper at
https://www.research-collection.ethz.ch/handle/20.500.11850/554283
Practice guide on Blockchain (2022)
The Blockchain 2022 guide features 20 jurisdictions. The guide provides the latest legal information on decentralised finance (DeFi), updates to tax systems to consider blockchain and cryptocurrencies, non-fungible tokens (NFTs), initial coin offerings (ICOs), smart contracts, data privacy and protection, and mining and staking.
https://practiceguides.chambers.com/practice-guides/blockchain-2022
David Vasella et al: Digital Healthcare in Switzerland (article)
https://practiceguides.chambers.com/practice-guides/digital-healthcare-2022/switzerland
other countries (with other authors) are at https://practiceguides.chambers.com/practice-guides/digital-healthcare-2022
Paper: Investigating GDPR Fines in the Light of Data Flows
Marlene Sämann, Marlene; Daniel Theis, Daniel; Tobias Urban; Martin Dägeling
June 2022, Conference: Privacy Enhancing Technologies Symposium (PETS)At: SydneyVolume: 4
“… Our analysis shows that it is a combination of technical and organizational issues that are involved when a fine is imposed. ”
“Moreover, data protection authorities more often react to data subjects’ complaints when data breaches become public and when health-related data is involved..”
“.. We further show that the root causes for fined data processing lie in the early data life cycle phases (e.g., data collection). Here, organizational problems are more prevalent (601 fines) than technical issues (314 fines), while technical issues are mentioned more often in later life cycle phases (e.g., retention, access and usage). Especially mistakes in the early phases of the data collection process (e.g., lacking a legal basis) and unauthorized disclosure in later phases are fined. ..”
Germany/Sachsen-Anhalt: Häufige Ursachen von Datenschutzverletzungen und Abwehrmaßnahmen
Frequent sources of data breaches and preventive controls (in German)
Germany: Hints to data subjects affected by a data breach (Netzwerk Datenschutzexpertise)
In German, explains options for follow-up actions to data subjects affected by a data breach.
“Betroffen von #Datenschutzverstößen – Was kann ich tun? Handlungsoptionen und Erfolgsaussichten”
12-Seiten-Dokument zum Thema veröffentlicht vom Netzwerk Datenschutzexpertise
https://www.netzwerk-datenschutzexpertise.de/sites/default/files/gut_2022betroffenenr.pdf
Germany: Tätigkeitsbericht LDI NRW (in German)
https://www.ldi.nrw.de/system/files/media/document/file/27_datenschutzbericht_2022_ldi_nrw.pdf
includes page 125ff the audit questionnaire used by them for energy companies: