The following is the monthly regulatory update from Mike Bradford of Regulatory Strategies.

The Information Commissioner’s Office (ICO) has made a statement in light of the recent TalkTalk data security incident:

“Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings”.

TalkTalk were subject to a security attack on 21st October. Police have arrested and bailed a 15-year-old boy from Northern Ireland, a 16-year-old boy from West London and a 20-year-old man from Staffordshire in connection with the cyber attack.

TalkTalk’s Chief Executive Officer has said that the attack was “much smaller than originally suspected.” It has nevertheless been said that up to 28,000 obscured credit and debit cards and 15,000 dates of birth had been accessed by hackers. This is the third of three separate cyber attacks affecting TalkTalk in the last year. TalkTalk were criticised by the Information Commissioner’s Office for taking more than 24 hours to notify them of the breach.

October also saw Experian in the US hacked, putting 15 million individuals at risk, including T-Mobile customers. US privacy groups have called for a Federal investigation.

Vodafone has stated that hackers may have accessed bank details of 2,000 customers and has notified the National Crime Agency, Ofcom and the Information Commissioner’s Office.

The Royal Bank of Scotland has been accused of ‘falsifying’ customer information by editing customer emails and call recordings. RBS are complying with the ICO.

European / US Safe Harbor Agreement:

The European Court of Justice (ECJ) ruled on 6th October that Safe Harbor – a pact between the US and the EU that has been in place for 15 years – was invalid. The UK Information Commissioner’s Office has commented further about the concern and interest this has caused. Safe Harbor has been used to give businesses the assurance that, should they transfer data to the US from the EU, that data would be adequately protected, therefore helping to ensure that obligations under the 8th Data Protection Principle were met.

Please read the full story by downloading Regulatory Strategies’ latest newsletter: OCT15-newsletter

Source: Regulatory Strategies