One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4576358 |
| Date de publication | 2022-05-11 18:51:20 (vue: 2022-05-11 07:05:35) |
| Titre | AA privacy breach --> policy update? |
| Texte |  According to a Radio New Zealand news report today:"Hackers have taken names, addresses, contact details and expired credit card numbers from the AA Traveller website used between 2003 and 2018. AA travel and tourism general manager Greg Leighton said the data was taken in August last year and AA Traveller found out in March. He said a lot of the data was not needed anymore, so it should have been deleted, and the breach "could have been prevented"."The disclosure prompted the acting NZ Privacy Commissioner to opine that companies 'need a review policy':"Acting Privacy Commisioner Liz Macpherson told Midday Report that if data was not needed it should be deleted ... Companies needed a review policy in place to determine if the data stored was neccessary, or could be deleted, Macpherson said."So I've looked through our SecAware information security policies to see whether we have it covered already, and sure enough we do - well, sort-of. Our privacy compliance policy template says, in part:"IT systems, cloud services and business processes must comply fully with applicable privacy laws throughout the entire development lifecycle from initial specification though testing, release, operation, management and change, to final retirement. For example, genuine (as opposed to synthetic) personal information used during the development process (e.g. for testing) must be secured just as strongly as in production, and securely erased when no longer required."The final clause in that paragraph refers to 'secure erasure' without specifying what that really means, and 'when no longer required' is just as vague as determining whether the data remains 'necessary'. That said, the remainder of the paragraph, and in fact the rest of the policy template, covers other relevant and equally important issues - including compliance with applicable p |
| Envoyé | Oui |
| Condensat | for 0cm 0pt; 2003 2018 4pt 4pt; above according acting additional addresses adequate after all already alt:0cm although ansi any anymore appear appears applicable applies approach approaches appropriate are article associate associated august automated been between bold breach business card change checks choice clause cloud colband commisioner commissioner companies compliance comply confirms contact context continue controller controls convinced copies costly could covered covers credit customers data date dates deeper defined definitions deleted deletes deletion deliberately dependent detail details determine determining development digging direction disclosure discretion doesn doubtless during elaborating end enough ensuring entire equally erase erased erasure example existing expanding experts expired expiry explicit extended fact false family: fareast final font found from fully functions further gdpr general generic genuine give greg gte hackers have helpful however implementation important including information initial issues just language:en last law laws lawyer leave legal leighton lifecycle limited liz loaded longer looked lot macpherson management manager manual march margin:0cm; means member midday might minimum more mso msonormaltable must name: names neccessary necessary need needed new news none normal noshow:yes; not now numbers obligation one operation opine opposed originally orphan; other out padding pagination:widow para paragraph parent: part part: particular particularly period period; periodic permission personal phrase place plus policies policy practical pre prevented principal priority:99; privacy procedures process processed processes processing processor production prompted provision purposes quite radio really reasonable recital records redundant; refers regulations relating release relevant remainder remains report required requires rest restrict retirement returned returns review roman rowband said say says secaware secure secured securely security see serif; service services should size:0; size:10 sort specification specifying state statement storage stored storing strict strongly style such sure synthetic system systems table taken template templates testing think though through throughout times today: told too tourism travel traveller truly tstyle union unless update updated us; used using vague valid validation valued various website well what when whereas whether which within without wondering worth would year zealand |
| Tags | |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.