Advocate (Dr.) Prashant Mali's Blog

Brexit effect on UK  data protection Laws & GDPR The UK is coming to the end of the Brexit transition period with a resolution on the future relationship with the EU seemingly very far away. While a wide-ranging deal seems increasingly unlikely, it is still possible we will get a number of hastily organised last-minute sectoral agreements and in many ways, data protection would be a prime candidate for this kind of deal given that the UK has already made provision to continue with the current regime, at least in the short term. If, however, no deal is forthcoming, the UK will become a third country for GDPR purposes on 1 January 2021 (implementation day or ID). What does that mean? The UK data protection regime from 1 January 2021 The UK has made preparations to adopt the GDPR to work as a piece of UK legislation in conjunction with the Data Protection Act 2018 (DPA18). The  draft Data Protection, Privacy and Electronic Communications (Amendment etc.) (EU Exit) Regulations 2019  wi

  CCPA Cases 2020  Atkinson et al v. Minted, Inc. , No. 3:20-cv-03869 (N.D. Cal.) Date Filed: June 11, 2020 Cause of Action / Trigger of Claim Suit against Minted.com arising out of an April 2020 data breach that resulted in the exfiltration of 73.2 million records that included passwords, names, email addresses, and other information. Complaint alleges a violation of § 1798.150 by defendant’s failure to prevent the unauthorized access and exfiltration, theft, or disclosure of class members’ non-encrypted PII. Claims for Relief Plaintiffs and class members seek injunctive or other equitable relief to ensure the defendant safeguards customers’ PII in the future. Plaintiffs will also seek statutory damages if the defendant “cannot cure the data breach within 30 days.” Status Pleadings Alma Fidela Cercas et al v. Ambry Genetics Corp. , No. 8:20-cv-00791 (C.D. Cal.) Date Filed: April 27, 2020 Cause of Action / Trigger of Claim Suit against a clinical genomic diagnostic company arising out

 Cyber Security Threats in Online Schooling and Colleging With all the talk about washing hands, students need to also think about how to practise good cyber hygiene using encryption, VPNs, software updates and password management. Software that takes over a device can expose the user to spyware, malware or data exfiltration that can compromise health and personal information, or academic research and intellectual property in a competitive field. With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased, Schools and Universities tend to be quite careful about doing intrusion detection, and putting up fairly sophisticated access controls. Threat from Zoom Video meetings Video-teleconferencing platform Zoom has security and privacy issues, prompting Indian Government and later even New York’s Department of Education to ban its use as a digital classroom, Singapo

Digital Wallets unawareness and greed  have created an enabling environment for fraud, the explosion of smartphones with internet and multiple modes of payment through apps. While there is enough protection built into UPI and card payments, fraudsters use various tricks to get users to part with critical information.  Methods used by tricksters range from payment requests made on the Unified Payments Interface (UPI) to sharing of QR codes on WhatsApp. Here are some common ones doing the rounds. 1.  Pre approved link fraud Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rs. xxx” etc. You need to enter PIN only for sending money. Do not:  'Pay' or enter your UPI pin to receive money. 2. QR Code Fraud Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. This QR code, a feature in some UPI apps, is in fact a col

Strategic Cybersecurity Thinking The ability to come up with effective plans in line with an organization's objectives within a particular cybersecurity situation. Strategic thinking helps cybersecurity managers review policy issues, perform long term planning, set goals and determine priorities, and identify potential risks and opportunities. Clearly, there needs to be a clear strategy as to what needs  to be done with respect to security. Such a strategy should determine the policies and  procedures. However in practice rarely a strategy for security is created. Most emphasis  is placed on policies, implementation of which is generally relegated to the lowest levels.  Rather it is assumed that most people will follow the policy that is created.  A strategic cybersecurity programme does not begin with tools and tactics, but with an articulation of one or more programme goals. Sun Tzu once said in The Art of War: “If you know the enemy and know yourself, you need not fear the resul