
Blog & Articles
Diana Initiative 2020 – Making space for security and data protection governance
I was lucky enough to get to talk at the Diana Initiative 2020 conference. One particularly bright side to complement all the compromises we have been making this year. I have wanted to speak there since friends of mine took the original diversity friendly offshoot of...
Opinion: Paying to play with our personal data – is it ok?
We’ve migrated from ‘Hot or Not?’ to being held virtually hostage by many of the digital platforms we rely on today. In the midst of that a new processing paradigm has emerged. Myriad startups want to pay to play with your personal data. Can this tackle on-going...
In AI we will blindly trust…
...and the architects, designers, data scientists, and developers will think we are nuts I've been driven back to the blog to talk about one very specific aspect of privacy, data protection and Artificial Intelligence (exchange for Machine Learning or Algorithms as...
Opinion: Morrisons, vicarious liability, and risk management reality
On the face of it organisations were just made liable for nefarious data doings of any nasty individual they might have had the misfortune to employ... or nice employees who just mess up. Even if organisations do nothing wrong and things happen in spite of...
Data Protection, Security, and the GDPR: Myths and misconceptions #2
Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...
Where and to whom does the GDPR apply?
Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...
Facebook and Cambridge Analytica – It’s Pandora’s box, it’s open, but it’s been open for a while
Anyone with any knowledge of the goings on in digital advertising, political campaign management, or (for that matter) military information operations, will have been utterly unsurprised by the news over the last few days. It's Pandora's box, it's open, but it's been...
Data Protection, Security, and the GDPR: A fuzzy and fraught relationship
There can be no security without data protection. There can be no data protection without security. Of course neither is true. These kinds of click-baity absolutist positions are a pervasive internet blight designed to divert attention from critical detail to exploit and...
GDPR – You’ve analysed the gaps, but can you close them?
There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...
GDPR – The Compliance Conundrum
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...
Opinion: The role of automated data discovery in a GDPR programme
Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...
Cybersecurity to Privacy via the GDPR: A personal and professional journey
I’ve been lucky enough to have a pretty successful security career and gain a modest following for my writing. Mainly stuff about Information and Cybersecurity GRC (Governance, Risk, and Compliance). Gratifyingly, my Infospectives blog also received a fair few award...
Blockchains: Embedding Integrity (a.k.a Blockchain for beginners with an InfoSec twist)
Blockchains are tackling the 'I' in the holy InfoSec CIA trinity (Confidentiality, Integrity, and Availability, not the government agency), more simply and robustly than anything that's gone before. However they are also a source of banker panic,...
Women In InfoSec – GRCers more than hackers? If so, so what? Plus bigger cultural questions
Maria Korolov, writing for CIO Online, summarised key findings from (ISC)2's recent report on Women In Security, a report informed by their 2015 Global Information Security Workforce Study. The standout figure? Only 10% of information security professionals are...
When Business Culture Eats Cybersecurity For Breakfast – Part One
A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...
Cyber Insurers Dictating Cybersecurity Standards?
A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...
There Is No Such Thing As Information Security Risk
Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...
Harvesting Data From Social Media – A Can Of Data Protection & Privacy Worms?
NOTE: This is a previously unpublished draft. I had completely forgotten about it. I can only assume I felt jumpy for years about the depth of some of my data protection knowledge, but it does rather make my subsequent specialisation in data protection less surprising....
Musing: Personal data ownership, virtual employment, and digital symbiotes
This is a post grown from a marmite-ish predecessor. A reaction to the drive to turn our personal data into a market priced commodity. Paying to play with our personal data - is it ok? A segmented unit of product that we are supposed to share for the price of a posh...