data security

Very Good Security makes data ‘unhackable’ with $8.5M from Andreessen

“You can’t hack what isn’t there,” Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then when the data needs to be moved or operated on, VGS injects the original info without clients having to change their code. It’s essentially a data bank that allows businesses to stop storing confidential info under their unsecured mattress. Or you could think of it as Amazon Web Services for data instead of servers. Given all the high-profile breaches of late, it’s clear that many companies can’t be trusted to house sensitive data. Andreessen Horowitz is betting that they’d rather leave it to an expert. That’s why the famous venture firm...

What can we learn from the Dixons data breach that blew up after disclosure

European consumer electronics retailer Dixons Carphone’s apologetic admission yesterday that a 2017 data breach was in fact considerably worse than it first reported suggests disclosures of major breaches could get a bit more messy — at least under the early reign of the region’s tough new data protection framework, GDPR — as organizations scramble to comply with requirements to communicate serious breaches “without undue delay”. Although, to be clear, it’s not the regulation that’s the problem. Dixons’ handling of this particular security incident has come in for sharp criticism — and is most certainly not a textbook example of how to proceed. Dixons Carphone disclosed a breach of 5.9M payment cards and 1.2M customer records in mid June, saying it had discovered the unauthorized access to...

AI spots legal problems with tech T&Cs in GDPR research project

Technology is the proverbial double-edged sword. And an experimental European research project is ensuring this axiom cuts very close to the industry’s bone indeed by applying machine learning technology to critically sift big tech’s privacy policies — to see whether AI can automatically identify violations of data protection law. The still-in-training privacy policy and contract parsing tool — which is called ‘Claudette’, aka (automated) clause detector — is being developed by researchers at the European University Institute in Florence. They’ve also now got support from European consumer organization BEUC — for a ‘Claudette meets GDPR’ project — which specifically applies the tool to evaluate compliance with the EU’s General Data Protection Regulation. Early results from this project hav...

Instapaper on pause in Europe to fix GDPR compliance “issue”

Remember Instapaper? The Pinterest-owned, read-it-later bookmarking service is taking a break in Europe — apparently while it works on achieving compliance with the region’s updated privacy framework, GDPR, which will start being applied from tomorrow. Instapaper’s notification does not say how long the self-imposed outage will last. The European Union’s General Data Protection Regulation updates the bloc’s privacy framework, most notably by bringing in supersized fines for data violations, which in the most serious cases can scale up to 4% of a company’s global annual turnover. So it significantly ramps up the risk of, for example, having sloppy security, or consent flows that aren’t clear and specific enough (if indeed consent is the legal basis you’re relying on for processing people’s ...

Facebook faces fresh criticism over ad targeting of sensitive interests

Is Facebook trampling over laws that regulate the processing of sensitive categories of personal data by failing to ask people for their explicit consent before it makes sensitive inferences about their sex life, religion or political beliefs? Or is the company merely treading uncomfortably and unethically close to the line of the law? An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform allows advertisers to target users based on interests related to political beliefs, sexuality and religion — all categories that are marked out as sensitive information under current European data protection law. And indeed under the incoming GDPR, which will apply across the bloc from May 25. The joint investigation found Facebook’s platform had made ...

UK report urges action to combat AI bias

The need for diverse development teams and truly representational data-sets to avoid biases being baked into AI algorithms is one of the core recommendations in a lengthy Lords committee report looking into the economic, ethical and social implications of artificial intelligence, and published today by the upper House of the UK parliament. “The main ways to address these kinds of biases are to ensure that developers are drawn from diverse gender, ethnic and socio-economic backgrounds, and are aware of, and adhere to, ethical codes of conduct,” the committee writes, chiming with plenty of extant commentary around algorithmic accountability. “It is essential that ethics take centre stage in AI’s development and use,” adds committee chairman, Lord Clement-Jones, in a statement. “The UK has a ...

Splunk’s data analytics gets a security boost with $350 million acquisition of Phantom Cyber

The data analytics service provider Splunk is giving itself a security upgrade with the $350 million cash and stock acquisition of the security automation technology developer, Phantom Cyber. One of the new darlings of the security industry, Phantom Cyber launched just four years ago to automate responses to digital threats. Part of a new breed of tools that use network analysis and machine learning to respond to potential security breaches, Phantom Cyber had previously raised $22.7 million in funding from investors including Kleiner Perkins Caufield & Byers, Foundation Capital, and In-Q-Tel (the investment group affiliated with the Central Intelligence Agency), according to Crunchbase. Following the acquisition, Phantom Cyber’s executive team will report in to Splunk’s head of securit...

BigID pulls in $14 million Series A to help identify private customer data across big data stores

As data privacy becomes an increasingly important notion, especially with the EU’s GDPR privacy laws coming online in May, companies need to find ways to understand their customers’ private data. BigID thinks it has a solution and it landed a $14 million Series A investment today to help grow the idea. Comcast Ventures, SAP (via SAP.io), ClearSky Security Fund and one of the company’s seed round investors, BOLDstart Ventures, all participated in the investment. The deal closed last week. Today’s investment on top of the $2.1 million seed round in 2016 brings the total raised to $16.1 million. CEO and co-founder Dimitri Sirota says before companies can do anything with their data, they have to understand what they have. The starting point therefore is creating a catalogue of private data ty...

Facebook starts polishing its privacy messaging ahead of GDPR

As the May 25 deadline for compliance with the EU’s updated privacy framework fast approaches, Facebook is continuing to PR the changes it’s making to try to meet the new data protection standard — and steer away from the specter of fines that can scale as high as 4% of a company’s global turnover. Today it’s published — for the first time — what it dubs a set of “privacy principles” that it says guide its approach to handling users’ information, making grand claims like: “We give you control of your privacy”, “You own and can delete your information” and “We are accountable”. In truth it’s just cribbing chunks of the GDPR and claiming the regulation’s principles as its own. So full marks for spin there. The EU’s sharply tightening enforcement regime for data protection also explains why Fa...

WTF is GDPR?

European Union lawmakers proposed a comprehensive update to the bloc’s data protection and privacy rules in 2012. Their aim: To take account of seismic shifts in the handling of information wrought by the rise of the digital economy in the years since the prior regime was penned — all the way back in 1995 when Yahoo was the cutting edge of online cool and cookies were still just tasty biscuits. Here’s the EU’s executive body, the Commission, summing up the goal: The objective of this new set of rules is to give citizens back control over of their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully ...