Germany/BW: LfDI BW: FAQ on Cookies and Tracking
ULD: Data Protection in Social Customer Relationship Management
BakerHostetler on cyber liability caps in contracts.
Uses numbers from their annual Data Security Incident Report.
https://www.dataprivacymonitor.com/data-security-incident-response/security-incident-mitigation-strategy-effective-negotiation-of-technology-contract-limitations-of-liability/
Common security attributes for Microsoft Azure Services
An overview of all the Azure services and their security attributes in the following areas:
- Preventative
- Network segmentation
- Detection
- Identity and access management support
- Audit trail
- Access controls (if used)
- Configuration management (if used)
(This is a work in progress and currently “only” hosts a set of the first four ring 0 services, but more will be coming.)
https://docs.microsoft.com/en-us/azure/security/common-security-attributes
France/CNIL – Data breach – The French Conseil d’Etat lowers the amount of a fine imposed by the French Data Protection Authority
In a decision dated 17 April 2019, the Conseil d’Etat (the Supreme Administrative Court) confirmed a decision of sanction issued by the French Data Protection Authority (the CNIL) but reduced the amount of the sanction from €250,000 to €200,000.
This decision gives valuable guidance: after a data breach, implementing corrective measures is an argument for obtaining a reduced fine if the CNIL later prosecutes.
CNIL – Toolkit for software developers
https://www.cnil.fr/fr/kit-developpeur
Covers various technical and organizational measures (TOM) in the context of software development (SDLC).
GDPR certification criteria from Luxembourg
https://cnpd.public.lu/dam-assets/fr/actualites/national/2018/GDPR-CARPA-Criteria-v10.pdf
“This document was prepared by the Commission Nationale Pour la Protection des Données (‘CNPD’) in collaboration with representatives from the audit profession. It contains the criteria for the “GDPR-CARPA” certification mechanism. This document should be read in conjunction with the “GDPR-CARPA” certification mechanism document. These certification criteria are a mandatory requirement to evaluate and report on controls over organizational and technical data protection measures, to be eligible for certification. Evaluation and reporting needs to follow the ISAE 3000 standard. Certification can only be granted by certification bodies that have been accredited by CNPD.”
Synthea – a Synthetic Patient Population Simulator.
Synthea is a Synthetic Patient Population Simulator. The goal is to output synthetic, realistic (but not real), patient data and associated health records in a variety of formats.
Nice offline tool to generate synthetic patient data.
[Paper]: Calibration Fingerprint Attacks for Smartphones
Fingerprinting smartphone devices (using sensors, etc.): the fingerprint is globally unique and survives a reset.
https://www.lightbluetouchpaper.org/2019/05/21/calibration-fingerprint-attacks-for-smartphones/