[OSX-Users] OSX upgrade warning
Shaw K.C.
K.C.Shaw at soton.ac.uk
Fri Sep 23 12:19:22 BST 2016
Hi Christopher
It was good to meet you earlier and outline the risks you and your associates are potentially running.
By way of illustration, there are a few links below where the Information Commissioner's Office has levied financial penalties, and not even the Police or Crown Prosecution Services are given any leniency.
Please note the £100,000 fine is per incident.
https://ico.org.uk/action-weve-taken/enforcement/the-crown-prosecution-service/
However, that is relatively small compared to the forthcoming GDPR regulations, where the fine is 20 million Euro or 4% of global turnover for UoS, whichever is the larger.
Kevin Shaw
Head of Information Security
-----Original Message-----
From: Christopher Gutteridge [mailto:cjg at ecs.soton.ac.uk]
Sent: 23 September 2016 11:38
To: List for users of Mac OS X <osx-users at ecs.soton.ac.uk>; Shaw K.C. <K.C.Shaw at soton.ac.uk>
Subject: Re: [OSX-Users] OSX upgrade warning
Hi. I've been to talk to Kevin Shaw who's responsible for iSolutions security and data protection.
We're going to try to put together some guidelines but the quick take homes were:
Office365 is far better for data protection than most other cloud solutions.
When new rules come into force, the maximum fine to the organisation will be 5% of our turnover. We are around a £550m/year business...
One thing I'd not really internalised before: In addition to fines for the organisation, those responsible can be prosecuted personally which can result in a criminal record and a maximum fine of £100,000. Eeep.
(I believe I've got these facts right, but I'll cc him to double check)
Hopefully we can produce some guidance which is reasonable to follow without absorbing huge tomes of detail, and a list of services which are recommended.
On 22/09/2016 09:48, Christopher Gutteridge wrote:
> I've written to the security manager in iSolutions. His usual approach
> is that for non legally protected data, like research etc, he'll help
> you understand the risk and you can make a choice. However with
> personal data he's (rightly) much more strict.
>
> I've asked if there's a recommended easy-to-consume page about good
> practice and any services that are recommended or that we should avoid.
>
> My current understanding is that we shouldn't send people's personal
> data to countries which do not have suitable data-protection laws.
> There are exceptions if a specific company complies with rules, but just
> shoving stuff in the cloud is reckless when it could cause harm if
> leaked.
>
> Something to think about; would you be happy with the NHS casually
> using Dropbox to move patient records?
> --
Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg
University of Southampton Open Data Service: http://data.southampton.ac.uk/
You should read our Web & Data Innovation blog: http://blogs.ecs.soton.ac.uk/webteam/