Why Software Won’t Eat The World

Make no mistake. The future will not be digital. The truth is that we still live in a world of atoms, not bits and most of the value is created by making things we live in, wear, eat and ride in....


Does God ever really forget us? An investigation into the right to be erased and freedom of religion

Countless Belgians have been baptised during their childhood, yet every year around a thousand Belgian citizens decide to annul their membership of the catholic church. Many have thus found their way to the annulment of their religious membership. However, can you also demand to be completely erased from God’s memory and parish registers relying on Article 17 GDPR? This is the question to which this blogpost aims to formulate an answer.

Model withdrawal form

To leave the catholic church is easy. All you need to do is fill in a model withdrawal form and send it to the diocese of the place where you were baptised. As effortless as this seems though, God does not forget about us easily. Those who were baptised in the catholic church received a so-called ‘indelible spiritual mark’ on their soul. Strictly speaking, you cannot really leave the church because baptism is a sacrament that cannot be undone. But then what does it mean to leave the church if you cannot undo your baptism?

Annotation next to your name

If you expressed the wish to cancel your membership, the diocese will make an annotation next to your name in the parish register. Religious disaffiliation is thus nothing more than a personal and symbolic act as you will not get erased from parish registers. However, didn’t Article 17 GDPR introduce the right to erasure?

The catholic church, subject to the worldly powers of the GDPR

It should be observed from the outset that religious organisations do not benefit from a specific exclusion from EU data protection law. Although the GDPR exempts ‘purely personal or household activities’, the Court of Justice of the European Union (‘CJEU’) made very clear in Jehovan Todistajat, as well as in Lindqvist, that this exemption will not apply to the processing activities conducted by religious organisations. Thus, the catholic church is bound by the GDPR and can be held accountable for how it handles personal information.

General prohibition of processing special categories of personal data

The personal data processed for the accomplishment of the baptism sacrament, and later enclosed in parish registers, concern sensitive personal data. Being qualified as such, the processing of personal data revealing religious beliefs is prohibited in general unless one of the exceptions applies.

In this vein, Article 9 GDPR allows churches and other bodies with a ‘religious aim’ to process sensitive data provided it meets a few criteria. The processing of the data needs to be (i) in the course of its legitimate activities, (ii) with appropriate safeguards, (iii) on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and (iv) on condition that the data are not disclosed outside that body without the consent of the data subject.

Consent as the legal basis for processing

As the sacrament of baptism constitutes the act of admitting a person into the Christian church, it is often performed on young children and, because of their young age, they will not be able to give any informed consent. Therefore, parents need to complete a consent form for the processing of these data.

Nevertheless, one must conclude from this that the legal ground on which the processing relies is consent as described by Article 6(1)(a) GDPR.

The right to erasure from parish registers

Because the processing of the personal data at hand relies on consent as a legal basis, one should be able to rely on Article 17 GDPR to ask for the erasure of the data concerning him or her. The consent form to be signed by the parents indicates as its purpose that it is necessary to be able to perform the sacrament of baptism, first communion, and confirmation. Because people leaving church revoke their consent and undoubtedly have no interest in undergoing other sacraments, they should in principle have the right to obtain from the catholic church the erasure of all their personal data.

The reaction of the church

Before the entry into force of the GDPR, the catholic church in Belgium stated in a FAQ that it could not be said what the right to erasure would mean in practice for the catholic church. However, when specifically asked for a reaction, the Belgian Catholic church responds by first stressing its constitutionally protected freedom of religion.

Indeed, the right to data protection is not absolute. Most interesting in this regard is that the church indicates that the erasure of information enclosed in the parish register can be criminally prosecuted according to canon law. As opposed to the situation in the case of Jehovan Todistajat, in which the door-to-door proselytizing was in no way prevented by making it subject to the GDPR, granting a right to erasure concerning parish registers could hamper the catholic church in organising its religion.

Conclusion

To force the catholic church to grant a right to erasure could bring to the surface the interesting question whether, in this specific situation, the exercise of data protection rights amounts to an intolerable interference with the freedom of religion. One could call into question the necessity of applying the strict requirements under the GDPR and the consequences of doing so for the freedom of religion.

On the other hand, one may wonder whether it is fair to deny persons the right to erasure because of a religious law to which they cannot be bound and which does not fulfil the requirement of foreseeability, especially considering the sensitive character of the data at hand and the fact that it was often not they themselves but their parents who consented to the processing.

It thus boils down to a balancing exercise between two fundamental rights, and we will have to wait for an action by an individual brought to a DPA to truly know what outcome this balancing exercise will bring.

The post Does God ever really forget us? An investigation into the right to be erased and freedom of religion appeared first on CITIP blog.


My theme word for 2020

My theme word for 2020 will be focus. It is close to attention and mindfulness, and that is what it is meant to be: consciously choosing where my focus (goal) lies.

The post My theme word for 2020 first appeared on De Wereld van Kaat.


The Passing of a Rock Legend: Neil Peart Succumbs to Cancer at Age 67


It is with profound sadness that we report the untimely passing of Neil Peart. Neil passed away on Tuesday, January 7th after a three and a half year battle with cancer.

The band made the following official statement earlier today:
It is with broken hearts and the deepest sadness that we must share the terrible news that on Tuesday our friend, soul brother and band mate of over 45 years, Neil, has lost his incredibly brave three and a half year battle with brain cancer (Glioblastoma). We ask that friends, fans, and media alike understandably respect the family’s need for privacy and peace at this extremely painful and difficult time. Those wishing to express their condolences can choose a cancer research group or charity of their choice and make a donation in Neil Peart's name.

Rest in peace brother.

Neil Peart September 12, 1952 - January 7, 2020
It is hard to fathom the enormous loss Neil's passing presents to the world of music and to the legions of Rush fans the world over. He made his mark in his short time on this earth, and he will not be soon forgotten.

Rest in Peace, Neil. Thank you for a lifetime of music that will span the ages.

Neil Peart dies of brain cancer

"Suddenly, you were gone
From all the lives you left your mark upon"
Never were those words more true than today, when we learned of the shocking passing of Neil Peart this past Tuesday, January 7th, after a three and a half year battle with brain cancer (Glioblastoma). Always fiercely private, he kept his illness a secret to all but a few. In one of life's ultimate cruelties ("The Stars Look Down" indeed), Neil retired from drumming in 2015 only to be diagnosed with cancer a year later. He leaves behind his wife Carrie and daughter Olivia. Here's a collection of news items announcing his death and those that have come out to pay tribute to his loss.

5 Strategies Healthcare Providers Are Using To Secure Networks


  • Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record.
  • The growing, profitable market for Protected Health Information (PHI) is attracting sophisticated cybercriminal syndicates, several of which are state-sponsored.
  • Medical fraud is slower to detect and notify, unlike financial fraud (e.g. stolen credit cards), contributing to its popularity with cybercriminals globally.
  • Cybercriminals prefer PHI data because it’s easy to sell and contains information that is harder to cancel or secure once stolen. Examples include insurance policy numbers, medical diagnoses, Social Security Numbers (SSNs), credit card, checking and savings account numbers.

These and many other insights into why healthcare provider networks are facing a cybersecurity crisis are from the recently declassified U.S. Department of Health & Human Services HC3 Intelligence Briefing Update Dark Web PHI (Protected Health Information) Marketplace presented April 11th of this year. You can download a copy of the slides here (PDF, 13 pp, no opt-in). The briefing provides a glimpse into how the dark web values the “freshness” of healthcare data and the ease of obtaining elderly patient records, skewing stolen identities to children and elderly patients. Protenus found that the single largest healthcare breach this year involves 20 million patient records stolen from a medical collections agency. The breach was discovered after the records were found for sale on the dark web. Please see their 2019 Mid-Year Breach Barometer Report (opt-in required) for an analysis of 240 of the reported 285 breach incidents affecting 31,611,235 patient records in the first six months of this year. Cybercriminals capitalize on medical records to drive one or more of the following strategies as defined by the HC3 Intelligence Briefing:

SOURCE: HEALTH & HUMAN SERVICES HC3 INTELLIGENCE BRIEFING UPDATE DARK WEB PHI (PROTECTED HEALTH INFORMATION) MARKETPLACE

Stopping A Breach Can Avert A HIPAA Meltdown

To stay in business, healthcare providers need to stay in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA provides data privacy and security provisions for safeguarding medical information. Staying in compliance with HIPAA can be a challenge given how mobile healthcare provider workforces are, and the variety of mobile devices they use to complete tasks today. 33% of healthcare employees are working outside of the office at least once a week. And with government incentives for decentralized care expected to expand mobile workforces industry-wide, this figure is expected to increase significantly. Health & Human Services provides a Breach Portal that lists all cases under investigation today. The Portal reflects the severity of healthcare providers’ cybersecurity crisis. Over 39 million medical records have been compromised this year alone, according to HHS’ records from over 340 different healthcare providers. Factoring in the costs of HIPAA fines that can range from $25,000 to $15.M per year, it’s clear that healthcare providers need to have endpoint security on their roadmaps now to avert the high costs of HIPAA non-compliance fines.

Securing endpoints across their healthcare provider networks is one of the most challenging ongoing initiatives any Chief Information Security Officer (CISO) for a healthcare provider has today. 39% of healthcare security incidents are caused by stolen or misplaced endpoints. CISOs are balancing the need their workforces have for greater device agility with the need for stronger endpoint security. CISOs are solving this paradox by taking an adaptive approach to endpoint security that capitalizes on strong asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what are consuming network bandwidth is an IT management problem, but it’s a security outcome,” said Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software.

5 Strategies Healthcare Providers Are Using To Secure Networks

Thwarting breaches to protect patients’ valuable personal health information starts with an adaptive, strong endpoint strategy. The following are five proven strategies for protecting endpoints, assuring HIPAA compliance in the process:

  1. Implementing an adaptive IT asset management program delivers endpoint security at scale. Healthcare providers prioritizing IT asset management control and visibility can better protect every endpoint on their network. Advanced features including real-time asset management to locate and secure devices, geolocation fencing so devices can only be used in a specific area and device freeze options are very effective for securing endpoints. Healthcare providers are relying more and more on remote data delete as well. The purpose of this feature is to wipe lost or stolen devices within seconds.
  2. Improve security and IT operations with faster discovery and remediation across all endpoints. Implement strategies that enable greater remediation and resilience of every endpoint. Healthcare providers are having success with this strategy, relying on IT asset management to scale remediation and resilience to every endpoint device. Absolute’s Persistence technology is a leader in this area by providing scalable, secure endpoint resiliency. Absolute also has a proven track record of providing self-healing endpoints extending their patented firmware-embedded Persistence technology that can self-heal applications on compatible endpoint devices.
  3. Design in HIPAA & HITECH compliance and reporting to each endpoint from the first pilot. Any endpoint security strategy needs to build in ongoing compliance checks and automated reports that are audit-ready. It also needs to be able to probe for violations across all endpoints. Advanced endpoint security platforms are capable of validating patient data integrity with self-healing endpoint security. All of these factors add up to reduce time to prepare audits with ongoing compliance checks across your endpoint population.
  4. A layered security strategy that includes real-time endpoint orchestration needs to anchor any healthcare network merger or acquisition, ensuring patient data continues to be protected. Private Equity (PE) firms continue acquiring providers to create healthcare networks that open up new markets. The best breach prevention, especially in merged or acquired healthcare networks, is a comprehensive layered defense strategy that spans endpoints and networks. If one of the layers fails, there are other layers in place to ensure your organization remains protected. Healthcare providers’ success with layered security models is predicated on how successful they are achieving endpoint resiliency. Absolute’s technology is embedded in the core of laptops and other devices at the factory. Once activated, it provides healthcare providers with a reliable two-way connection so they can manage mobility, investigate potential threats, and take action if a security incident occurs.
  5. Endpoint security needs to be tamper-proof at the operating system level on the device yet still provide IT and cybersecurity teams with device visibility and access to modify protections. Healthcare providers need an endpoint visibility and control platform that provides a persistent, self-healing connection between IT, security teams, and every device, whether it is active on the network or not. Every identity is a new security perimeter. Healthcare providers’ endpoint platforms need to be able to secure all devices across different platforms, automate endpoint hygiene, speed incident detection and remediation, and reduce IT asset loss by being able to self-diagnose and repair endpoint devices in real time.

