Archives

Welcome!

The CIPP Guide provides reliable and accurate information to the privacy professional arena. We hope individuals seeking the Certified Information Privacy Professional designation will find further substance specifically targeted at their CIPP pursuit.
Please review the user agreement for the forums and testing services.  CIPP Guide requires registration before use of the testing services.  We hope you find this service useful, and good luck on the exam!

Share

Up in Smoke: Marijuana Dispensary Data Breach

Some Vancouver marijuana dispensary customers’ privacy went up in smoke when their medical records were publicly exposed on the dispensary’s website. Scanned medical documents, passports, prescriptions, birth certificates, mental health reports, biopsy results, and other records were unprotected on the Vancouver Pain Management Society website. The site is offline, and the Office of the Information and Privacy Commissioner of British Colombia is investigating.

Not the First Time 

Just a few days before this breach came to light, Ottawa’s biggest dispensary chain exposed customer email addresses. Magna Terra Health Services fired the employee who sent an email containing 470 medical cannabis customers’ email addresses. But this time, Canadians from several provinces are effected and the damage [...]

Share

Vendor Vulnerabilities: Is NSA Obligated to Let them Know?

Cisco’s Cloud Service Platform customers received word of exposures that could severely risk their data’s privacy. In September 2016, Cisco informed their virtual networking clients of the discovery that more than 840,000 devices are open to two serious vulnerabilities. Fortinet customers’ data were also exposed in the theft. These exploits can lead to man in the middle attacks around the globe.

Shadow Brokers 

A group identifying itself as Shadow Brokers allegedly stole exploits from Equation Group, linked to the National Security Agency three years ago. Using a Twitter account, Shadow Brokers recently announced an auction for firewall exploits they claim they found with a hacking tool used by the NSA. The group demanded Bitcoins in exchange for data with codenames such as EPICBANANA, EGREGIOUSBLUNDER, AND EXTRABACON.

EXTRABACON

One of the exploits that targets Cisco ASA, Cisco Firewall Services [...]

Share

Privacy Shield

The ways American companies and the United States government can collect, process, transfer, and store European citizens’ private data are changing. In 2015, European Union courts invalidated the US/EU privacy “Safe Harbor,” invalidating the decade-old information sharing agreement. American businesses, European citizens, and privacy advocates all over the globe have closely watched the development of Safe Harbor’s replacement policy. In the summer of 2016, Privacy Shield came to fruition and is enforced as of August 2016. This article takes a look at what Privacy Shield is and how it came to be.

Safe Harbor

Unlike in Europe, the United States does not [...]

Share

Data Obfuscation: Proceed with Caution

There are many methods of guarding private data, and oftentimes companies still need to preserve the data’s utility while doing so. This is especially crucial for enterprises that process data for business without the complexity and time it takes for cryptographics. IT professionals should be aware, in hiding data from view, they may be creating a completely different set of problems.

Data masking and obfuscation allow some parts of sensitive data to remain seen while hiding the entire value. The most widely seen use of masking shortens a Social Security number to the last four digits. Masking also takes place when [...]

Share

Privacy and Pokémon Go App

Pikachu has the ability to take a peek at you. Just days after its release, the app had more users than Facebook, Snapchat, and Tinder, and boosted Nintendo’s market value by $7.5 billion with shares up 120%. The game isn’t without controversies: the game contributed to an armed robbery, reckless driving, and pedestrian carelessness. But privacy concerns are grabbing the headlines. It turns out, the game has an incredibly broad access to user data which far exceeds what’s needed to play the game. Are Pokémon players getting played?

A Pokémon Primer

The wildly popular game which launched in July 2016, puts users [...]

Share