The Neue Zürcher Zeitung (NZZ) has addressed the Cloud Act. Conclusion: American cloud providers are not an option for companies that want to keep secrets. That’s not new, but it’s important because it’s the first time our leading business paper has informed our managers and business owners about the risks involved when using American cloud providers without additional security measures. The recipe, however, is ineffective and diplomacy will not do
This article was published in 2011 and updated in 2017: “There are many misconceptions in computer and information security that deceive the view on reality. But to make meaningful security decisions, it is important and key to know and truly understand the misconceptions commonly found in computer and information security. In this article, we outline and discuss the misconceptions we think are most common and influential. We divide the misconceptions
What next? As shown, elementary misconceptions and inadequacies exist in the current EU data protection law. The list could be continued for a long time. One reason for this is certainly that the law was obviously drafted by the data protection lobby. This can be shown by various examples; my favorite is the liability of the data protection officer: this is not regulated in the law:
In October 2016 a book about Blockchain by my colleague Daniel Burgwinkel was published with a technical contribution by me on the topic “Trust and Liability”. Here is the Management Summary: Abstract: After the euphoria about Blockchain technology, the question of trust in this “new” technology follows on its heels. Technical security usually plays the smallest role. Rather, the question arises: What must be done to ensure that potential
The GDPR (DS-GVO) is a legislative monster that was already hopelessly outdated when it was published. What are the most important fallacies of the GDPR and of classical data protection approaches? This article series addresses them.
No security or communication professional understands the motivation for the 72-hour data breach notification rule (Art. 33). The problem here is that, in practice, it is impossible to make a statement within a period of three days about the impact of the vulnerability of a system that has been exploited. This can be compared to an aircraft accident: We must inform them as quickly as possible
Are you astonished? Do you have the impression that information security is a very important topic today? Then your attitude is the same as mine. The data protection laws and above all the DS-GVO in no way reflect the importance of information security (Art. 32 has just 4 paragraphs, actually no more than a side note). Nothing has been done here and not even the old
If one reads the press reports about real or alleged data protection violations, then the discussion always moves in the direction of the “big one”, i.e. Facebook, Google and Co. One could conclude that the GDPR also has these providers in its sights, but that is far from the case. The EU legislator apparently didn’t seem to care whether the data protection law was applied to the
Is consent even still possible given the complexity of today's services?