Posts by mark 120

84 posts • joined 19 Jun 2009


Review of IR35 is in: Quelle surprise, UK.gov will forge ahead with controversial tax reforms in the private sector

mark 120

Re: You're not supposed to kill the goose

Tell that to the care workers, the pharmacy locums, the lorry drivers who are also now deemed inside IR35.

Traffic lights worldwide set to change after Swedish engineer saw red over getting a ticket

mark 120

Wouldn’t it be better

If the timing changes so that it begins from when the opposing lights turn green rather than when others turn red? If safety is the priority it seems to me it’s more adjustable for various factors that way.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

mark 120

Re: Shirley

You might want to read what the ICO say about consent not always being required and, in fact, not relying on it if there's something else more appropriate:


mark 120

Re: Shirley

Not necessarily. Depends on why they share the info, as for some non-marketing purposes they don't need consent. It's the legitimate business interest argument - when you apply for a mortgage, they could ask for all sorts of ID to prove your identity, or they can choose to go off to a checking service and get the info that way. It's a more efficient way of doing it, and they don't need consent provided they tell you that as part of the application process they'll be doing it.

mark 120

GDPR requires that if a request is made electronically, then it must be responded to in electronic format, unless otherwise requested. He doesn't say what format he used, but assuming he requested email then:

the response should have gone either to a secure portal to which the genuine account holder had access, or could be given access

or the response should have been sent securely, and if by email then encrypted and 2fa used to provide the genuine account holder with the password

In either case, the genuine account holder should also have been provided with an acknowledgement of the request, which would have alerted them to such a request.

Lancaster Uni data breach hits at least 12,500 wannabe students

mark 120

72 hours

72 hours to the regulator. The victims are only to be notified if the breach results in 'a high risk to the rights and freedoms of individuals', with the risk level self-defined or when the ICO tells you to notify them.

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco

mark 120

Re: Hardly a surprise

Perhaps I'd bother, if my ex had custody of the kids and I wanted to know where they now resided, and when they're likely to be unattended.

Blundering London council emails unredacted version of notorious Gangs Matrix to 44 people. Data ends up on Snapchat

mark 120

Re: Thanks for the explanation

I took that to mean that it contained additional rows or columns, i.e. someone had added further information to that version and not replicated it in the original.

Earth's noggin took quite a clockin' back in the day: Now a second meteorite crater spotted under Greenland ice

mark 120

Whats that thing between the two known craters?

About halfway between them, the round thing with the smoothish edges?

Fujitsu pitched stalker-y AI that can read your social media posts as solution to Irish border, apparently

mark 120


How do they propose linking social media identities to registration numbers? Will it be a mandatory field next time you register a vehicle?

Even if the technology worked, which it doesn't, such remote coverage only lets you identify that an offence was possibly committed, and not the prevention of such offences. By the time the system has flagged that car reg 'SMUGGL3RS' has made ten trips across the border and turned right round again, there are ten smuggled loads of whatever in circulation. You can stop the 11th, and prosecute for it, but by then there's another hapless mule lined up and the crooks have made their money.

Ca-caw-caw: Pigeon poops on tot's face as tempers fray at siege of Lincoln flats

mark 120

Manchester has this covered

Perhaps ship this enterprising chap down there?


Romford Station, smile! You're in London cops' final facial recog 'trial'

mark 120

Re: How does one decline to be scanned?

If I wear a plastic bag can I claim police brutality as well?

mark 120

How does one decline to be scanned?

Do I need to provide a photograph so they can add it to a 'do not scan' database?

Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...

mark 120

He's from Illinois, can't he just grow a new one afterwards?

Shift-work: Keyboards heaped in a field push North Yorks council's fly-tipping buttons

mark 120

Re: Examine them

No use to anyone though. If the keyboards are second hand, it only tells you who used them at some point in the past, not who dumped them. Even then, it only identifies that pool if their DNA is already on file, unless you're going to have a dragnet and sample everybody with at least one arm within 50 miles of Craven.

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

mark 120

Re: Amber Rudd

I'm fairly sure she'd float, if you're referring to the ancient test.

US voting systems: Full of holes, loaded with pop music, and 'hacked' by an 11-year-old

mark 120

Benedict Arnold

I'd just like to point out that he was a patriot, unlike that Washington bloke.

Do you really want your kids' future in the hands of Capita? Well, too bad

mark 120

Nope. Legitimate business interest covers it.

As GDPR draws close, ICANN suggests 12 conflicting ways to cure domain privacy pains

mark 120

There's another Article which says you can't make a service or product conditional on signing up to Marketing, and it reads like that's exactly what they're proposing to do. So they're still wrong.

UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

mark 120

Re: I'm wondering about non-working days..

GDPR wants the notification to the ICO within 72 hours, not three working days. I can't see this being different.

Sky customer dinged for livestreaming pay-per-view boxing to Facebook

mark 120

Re: I'm Guessing Russian Hackers

SKY were one of the 4000 viewers on his stream.

Merry Christmas, UK prosecutors: Here's a special gift... a slap from the privacy watchdog

mark 120

Re: Haa Haa Haa


No. GDPR comes in by May, reducing the response time to 30 days. Gov has already said we will align with GDPR, even if it means bringing in an equivalent bill. So if anything, the DoJ will be even more fucked by October unless it's got its processes sorted out.

Caption this: Capita staff picket a bunch o'er pickled pensions

mark 120

First photo

Capita security called into question as pen tester steals flag from under noses of staff.

Juicy fine for Bradford firm after it blurts one million spam texts

mark 120

Re: About time fines were set as percentage of annual turnover

May next year. GDPR. 4% of turnover, or 20m euros, whichever is higher.

Russian hackers selling login credentials of UK politicians, diplomats – report

mark 120

It's an old password, but it checks out.

Payday lender Wonga admits to data breach

mark 120

Re: Cheap labour

Unfortunately the ICO can only fine them £500k, and as the card details seem to be in line with PCI that alternative is out too.

Now if this had come a year later when GDPR is in effect and the maximum fine ramps up to the greater of £20m or 4% of turnover, it may have been different...

Europe's data protection rules set a high bar for consent – and UK ICO welcomes your thoughts

mark 120

Re: question

Assuming that the purpose of sharing the data is one which requires consent, and not an exemption such as for the purposes of national security or crime prevention. Or that it isn't already covered on another basis, such as being required for the fulfilment of a service contract.

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

mark 120

I'll assume from their comment that they're also still not PCI compliant yet, either, and further, more considerable, funds may be leaving their organisation in future.

Why the UK is unlikely to get an adequacy determination post Brexit

mark 120

While they may not know that this applies to them, one would expect that they had something in place to review legislation and determine whether they are or are not in scope of it, on a regular basis.

I think that leaves two possibilities:

1) They are incompetent, and genuinely have no idea what regulations apply to them

2) They know which regulations apply to them, but wilfully ignore them.

Which is it?

Data use rules set to be loosened under new EU e-Privacy laws - report

mark 120

Re: Yay for lobbyists

That would seem to contradict the requirements of GDPR, which requires that marketing opt-ins are made by a positive action by the user - in other words, you have to actively agree to opting in and a passive system isn't acceptable.

TfL to track Tube users in stations by their MAC addresses

mark 120

GDPR to the rescue

Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.

US citizens crash Canadian immigration site after Trump victory

mark 120

Re: Any hope of crowd sourcing a Pence for president "solution"?

You didn't notice that the guy who shot Reagan was paroled a month or two back, then? Probably been on a CIA range ever since ...

Not call, Intel – not call: Chipzilla modems in iPhone 7s fall short

mark 120


Apple will have specified the performance parameters when they went to the suppliers. If they did, and the products are within those, then there's no problem. If they didn't, or they aren't, then there's a problem. I can't see Apple making such elementary mistakes, but stranger things have happened.

Vodafone rapped with RECORD £4.6m fine for failing customers

mark 120

As of two weeks ago

nothing has changed.

Failed to collect direct debit

threatened to cut off service as a result of not collecting payment

agreed not to cut off service

sent text saying service would be cut off unless payment received

confirmed service wouldn't be cut off

cut off service

reinstated service

sent text saying service would be cut off unless payment received

confirmed service wouldn't be cut off and DD was now set up correctly

Police raid India call centre, detain 500 in fraud probe

mark 120

"Good afternoon, Telephone Preference Service, how can I help you?"

Should Computer Misuse Act offences committed in UK be prosecuted in UK?

mark 120

Re: Seems simple to me

Fancy it, no. Nor would I have the right to whinge about it if that's the published consequence of the activity.

mark 120

Seems simple to me

If you break into / illegally access a server or system, then you're prosecuted in the place that the server or system resides.

To put it another way, if I co-ordinated a bank robbery in another country, where would I be tried? I'm fairly sure it wouldn't usually be in Britain.

ICO boss calls for EU-style data protection rules post-Brexit

mark 120

We'll put in place exactly the same regulation, only we'll call it the 'Great British Data Protection Regulation' so the Brexit crowd think they've taken back control.

DVLA misses out on £400m in tax after scrapping paper discs

mark 120

Re: This should be one of the easiest taxes to collect ...

ANPR camera at every petrol station. No current record, no petrol (and maybe the drive-off barriers come up for good measure).

Tupperware vehemently denies any link to storage containerisation

mark 120

Real name?

Jane More O'Ferrall? More Overall? That can't be a real name, surely?

Who'll guard your personal data post-Brexit?

mark 120

Why would you want to spend the effort, time and money drafting an equivalent law? It'd be the same thing, only it'll say 'British Data Protection Regulation' instead of "European". Same goes for every other piece of legislation we need to replace. They already exist, and assuming we want to deal with Europe in any way then we'll have to do the same in all but name, allowing for fairly minor amendments acceptable to the EU.

mark 120

Slight correction

The GDPR is in effect now, but we've got until May 2018 to become compliant with it. If organisations aren't already applying or planning to apply at least some of the principles already, then they're quite likely to run out of time. Even if we vote Leave, we won't get out for at least two years so the GDPR will be being enforced before we've managed to exit the EU.

Dyfed-Powys Police fined for publicising pervs' particulars

mark 120

Re: Why don't we have a register of all criminals?

MPs won't pass legislation for an open list they will appear on.

TalkTalk scam-scammers still scam-scamming

mark 120

It's only half a million quid right now, but the replacement for the DPA (the EU General Data Privacy Regulation) allows for 4% of global turnover or 20 million Euros, whichever is higher. It might actually result in companies taking their data security a bit more seriously in future.

Firms that make 'questionable use' of your data will pay... with their reputations

mark 120

Isn't this already covered under the new EU General Data Privacy Regulation? That mandates a fine of up to 4% of global turnover or 20 million euros, whichever is higher, and they have specific details around only using information for the purpose for which it was collected.

ISIS operates a crypto help desk – report

mark 120

Can it be hacked?

Update the FAQs and the help database, to give useless answers?

"If you're having trouble communicating, immediately disable ToR and try again. If that fails, send an email containing your name and address to [email protected]"

TalkTalk hired BAE Systems' infosec bods before THAT hack

mark 120

Re: Hmmmm

So they were responsible for securing the intranet, yes?

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

mark 120

How about...

...having guards watch the yards and pick up anything that is dropped? It can't be that hard to detect a drone and send somebody over to the rough location it went to, then remove anything on the ground, can it? Far easier than a purely blocking tactic.

TalkTalk downplays extent of breach damage, gives extra details

mark 120


If you've got an 18 digit PAN, as with some Visa issued cards, and remove the middle six, how many digits are left?

mark 120

Middle six digits removed? I hope they meant to say that only the first six and last four digits were stored, as otherwise that's a(nother) breach of PCI rules.
