Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/1/2019 | 7:40:42 AM
18 points that should be removed
Dataset Removal

Even if they removed these key elements, it is still easy to find a person because of facial recognition and individuals who are gatekeepers, they are on the take.


At this point, there is too much data out there on individuals that make it easy to find someone; for example, when you send an email to a site, that information can be queried on Google's search engine; if the user posts anything online or posts a picture, that is tagged and identified.


The user would have to not be online from the time they were born in order to not be online, everything is indexed and tagged now (it comes from Google, Microsoft, Amazon, Apple, Cisco, Feds, State, everyone is doing it, they use bots, data-correlation and key-word tagging).


Expert Risk Assessment

From the article posted by the writer, this image comes from the HHS Hipaa information, but what is the criteria for determing the risk (how do you know it is small or not). After all is said and done, this is going to come down to encrpypting data at rest and on the fly in order to ensure PII information does not get out or if it does, it will take countless measures to break it.


T
dauphin
50%
50%
dauphin,
User Rank: Apprentice
7/29/2019 | 4:43:37 PM
Re: Clarification on the GDPR
the researchers conclude that "even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR..." The GDPR is not focusing on datasets but on each information. One can read Recital 27 of the GDPR and understands how the GDPR does not apply to anonymous information. Thus, if working with a dataset or several available databases the anonymization technique has to be applied to each piece of information making sure that none of the remaining unanonymized data does not relate to an identified or identifiable natural person.
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/26/2019 | 8:17:34 PM
Isn't the police department and other federal agencies capturing our faces (facial recognition)
Ok, maybe I missed something, aren't the US police departments using tools to capture information from license plates; as well as capturing information from traffic cameras and cameras on their uniforms. Agencies are performing some sort of facial recognition when they stop you or at the airports, your informaiton is being captured and recorded in a database. Federal agencies and other organizations are capturing your information and this information is being retrieved from a centralized database. The database is called XKeyScore, so at this point nothing is private. This database creates relational tables where they determine relationships based on success rates. There are other tools but I won't go into detail (Facia, Informant, Stingray, etc).
Even if companies are anonymizing data (jumbling or encrypting the data), the user's information is found on Facebook, Linkedin (social media), public records (clerk of court, where you live and stay) and now they have added facial recognition to the equation. I don't think it is the companies that we need to focus on but the other 3 letter agencies that are using our PII data as a way of determining if we are legitimate or not.
Just something to think about.
Todd 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11059
PUBLISHED: 2020-05-27
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.