Data Breach: A lesson from TICKETMASTER

  There are many ways a company might mess up their data privacy missions. Ticketmaster, one of United Kingdom’s ticket vendors, was fined by the Information Commissioner Office (U. K.’s data protection authority) 1.5 million pounds for failing to protect customer’s payment details.   What’s worse, over six thousand customers’ bank details leaked. This singular […]

Paying attention to data subject access requests

Morayo, a former employee of Chicant IT Limited, was sacked. Some days later, he hand-delivers a letter to the reception of one of his company’s subsidiaries. He asked for a copy of all his company holds about him from the start of his job. He wants all email correspondence about him from his past three […]

Data privacy in acquisitons

Mr Chris, some weeks ago, acquired an artificial intelligence company in Nigeria through his company Chritechs Ltd. Chris is proud of his recent acquisition and plans to merge the operations with the mother company. But, before Chris made the purchase, the Chief Privacy Officer at Chritechs Ltd., in a board meeting, suggested a thorough privacy […]

Data privacy: A tale beyond regulatory compliance

Chioma shouldn’t have sent that document. At least, that’s what her mind tells her daily as she watches the news unfold about her company. She can’t tell her boss about her contribution to the current situation. Her job has been the life-sustaining machinery for her and her family. She knows that the single action she […]

Employing technical controls in information security systems

In last week’s article, I covered physical and environmental control. This week, as promised, I would cover some technical controls that companies can employ in their journey to gain a robust and secure information system. Technical controls are security controls computer system executes to provide some levels of automated protection against unauthorised access or misuse […]

Physical and environmental assessment in information security

Most Nigerian companies store information in the cloud or designated physical data centres. There needs to be a high level of monitoring of these platforms, especially the physical data centres. Yet, most companies rarely pay attention to these physical assets until something happens.   For example, as I assessed a company’s physical and environment component, […]

Incident or Breach? Meanings and responses

Good breach management and incident response systems form core aspects of a robust data protection framework. There is a wide range of ways to respond to a breach. In this week’s piece, I will highlight how to respond to breaches. First, I must state that there is a difference between a breach and an incident. […]