|
From: | Hendrik Visage |
Subject: | [Sks-devel] Exploiting GDPR (Re: The pool is shrinking) |
Date: | Thu, 15 Aug 2019 20:56:59 +0200 |
And then reading Cryptogram this month: Exploiting GDPR to Get Private Information [2019.08.13] A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance. "Generally if it was an extremely large company -- especially tech ones -- they tended to do really well," he told the BBC. "Small companies tended to ignore me. "But the kind of mid-sized businesses that knew about GDPR, but maybe didn't have much of a specialised process [to handle requests], failed." He declined to identify the organisations that had mishandled the requests, but said they had included: a UK hotel chain that shared a complete record of his partner's overnight stays two UK rail companies that provided records of all the journeys she had taken with them over several years a US-based educational company that handed over her high school grades, mother's maiden name and the results of a criminal background check survey.
--- Hendrik Visage HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 address@hidden |
signature.asc
Description: Message signed with OpenPGP
[Prev in Thread] | Current Thread | [Next in Thread] |