Daily Archives: February 11th, 2019

ICO Releases Top Tips for Passwords and Encryption Under the GDPR

February 11th, 2019 Posted by Uncategorised 0 comments on “ICO Releases Top Tips for Passwords and Encryption Under the GDPR”

While the GDPR has been in place for several months, the ICO kicked off the new year by updating their data protection guidance with more details in the realm of encryption and password practices. Here are the highlights:

  • All organisations should possess a proper encryption policy, detailing the use of encryption and outlining associated staff training protocol. The policy should include these standards:
    • Encryption must be included in company risk assessments.
    • The planned encryption method should meet standards such as FIPS 140-2 and FIPS 197.
    • Personal data should be transmitted within an encrypted communication channel over any untrusted networks.
  • The ICO emphasises that businesses with an effective password system possess these qualities:
    • The system needs a proper hashing algorithm. Never store passwords in plaintext.
    • All login pages require HTTPS protection. Limit available login attempts.
    • Users must create a password with more than 10 characters.
    • Two-factor or multifactor authentication should be available as needed.

Cyber Risks and Liabilities Newsletter January/February 2019

February 11th, 2019 Posted by Uncategorised 0 comments on “Cyber Risks and Liabilities Newsletter January/February 2019”

Time is limited for the UK and the EU to craft a proper withdrawal agreement before Brexit takes place on 29th March 2019, leaving room for a range of possible outcomes. Despite the uncertainty, however, it’s crucial for your business to be prepared for anything—especially in the realm of data and technology. No-deal or not, ensure your organisation remains successful and compliant during the Brexit process.

  • Transferring data—Regardless of Brexit’s impact, the GDPR is here to stay. But in terms of data transfers, it’s important for your organisation to review its current export practices. Businesses that transfer data between the UK and EU should keep in mind that this could be considered an international practice post-Brexit. This means your organisation must comply with the GDPR’s restrictions on international data transfers by creating a contractual clause.
  • Protecting your database—Currently, an EU right known as the Sui Generis right protects all EU databases. In a no-deal, UK businesses established by UK nationals may lose this right. Protect your database in this scenario by including developers with EU connections in your workforce.
  • Securing your supply chain—In the event of a no-deal, any arrangements your business has involving the circulation of technology or hardware with the EU may suffer at the hands of customs delays and potential border regulations. Be sure to revisit your supply chain and develop methods to limit your risk.
  •  Reviewing your workforce—Many UK organisations employ EU nationals within their workforce. This practice could be problematic if a no-deal takes place and changes current immigration requirements. Make sure all EU nationals have applied for ‘settled status’ to ensure they can continue working for your organisation post-Brexit.
  • Updating agreements—Finally, your business should review all contracts and agreements for material technology with Brexit in mind. Pay close attention to elements such as the territorial scope of licences, the location of personal data, rights in databases and currency changes. In addition, ensure ultimate peace of mind during Brexit by securing proper cover, such as trade
    credit insurance. For more information, contact Hamilton Leigh today.
WordPress Image Lightbox Plugin