Macay Fischer discusses the aftermath of the 2021 hack of Facebook user data, which highlighted yet again how critical it is for a massive public company like Facebook to have robust risk management practices integrated through all levels of the business. The author identifies potential risk mitigation opportunities, including increasing the effectiveness of existing internal controls, that Facebook could implement going forward to reduce its risks in these areas.
Data Security
GDPR Enforcement and Google’s €50 Million Fine
Alex Osuch discusses the enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR). This paper specifically looks at the case of Google incurring a record-setting €50 million fine from CNIL, the French Data Protection Authority, for failing to properly acquire consumer consent during the Android phone activation process. The implications of this ruling suggest thorny design issues with which all information organizations operating within the EU must contend.
Privacy and Security: The Largest Data Breach in the History of the Internet
Dominik Żmuda discusses the risks and fallout associated with Yahoo announcing in September 2016 that in late 2014, data associated with more than 500 million user accounts had been stolen. Virtually all possible events associated with risk exposure arose from the biggest data breach in the history of the Internet.
Ashley Madison and Managing a Risky Business
Kevin Rawls discusses some of the heightened levels of internal and external risks faced by a business that operates in a legally sound but morally compromised space. AshleyMadison.com is a now-notorious website built around enabling married people to have extramarital affairs, and in 2015 it experienced a very severe data breach of its customers’ data.