Category: DPO Blog

Securing the Digital Classroom: Why Teachers Must Embrace Multi-Factor Authentication (MFA)

In this digital age, the lines between the virtual and the real world are increasingly blurred. We’ve all heard tales of a friend who got hacked. Perhaps you’ve even been a victim yourself? As educators, navigating this digital world is hard enough without having to manage a cyber attack on top! Multi-Factor Authentication (MFA) is…
Subject Access Requests: Introducing the RAFM

The right to access is a fundamental right contained within many data protection regulations globally, in particular the EU and UK General Data Protection Regulations. The right to access can often cause headaches for businesses. Tens of thousands of Data Subject Access Requests are made every month and, sadly, many are not fulfilled properly. Many…
DSAR – Dealing with the Contentious Data Subject Access Request

Data Subject Access Requests (DSARs) can be onerous at the best of times, but there are some situations which send a shudder down the backs of many a Data Protection Officer. The DSAR could be from a long-standing customer of many years who has been the victim of fraud. It could come from a parent…
Let’s Avoid a Cost-of-Hacking Crisis this Christmas!

Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different: there are many people who are struggling this…
P&O – What’s in a Name: A Case Study in Brand Risk

What’s in a company name? Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…
ISO 27001:2022 – Information Classification – Is it now time for #ABIC

Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…
2022 – Business Leaders don’t need our security predictions, they need these recommendations!

It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022? We can then show how our suite…
Calling time on time-based billing – use service-based billing if you want to save £££

When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…
Complexity & Data Subject Access Requests

According to the 2020/21 ICO annual report, around half of the [46% of ~40k] complaints the regulator receives are related to subject access. Fulfilling DSARs is clearly an area where Data Controllers are facing challenges with data subject satisfaction. In a previous article, I wrote about coping with DSAR volumes, suggesting methods to bring such high numbers…
EU/UK GDPR Lawful Bases – Getting accountability right

Working out the lawful bases for your processing activities can be a challenge. Whilst the ICO has guidance and a useful tool to help organisations determine the lawful bases of processing, the final decision will always rest with the Controller organisation, which must be able to defend it. A Controller thus needs to document their lawful bases properly because if…