Conformitas Consulting

Conformitas Consulting Information Governance and Data Protection (including GDPR) consultancy

17/02/2021

Scammers and Phishing: In the last few days I've had an automated call from 'HMRC' and emails about a new OneDrive file I need to open/download. Hung up on the first - HMRC will send me a letter if they need to - and did not respond, blocked and deleted the emails.

You know how to spot these. Do your employees/colleagues know? Do your friends and family know?

What to do:
- take a look at the many items about phishing from the National Cyber Security Centre (NCSC) https://www.ncsc.gov.uk
- keep informed. Keep an eye on the NCSC news items and sign up to the newsletter for your local Police Regional Cyber Crime Unit.

If you need further detailed assistance we can put you in touch with one of our partners to help.

27/01/2021

It’s disgusting - please be extra cautious - question everything

You’ve probably heard about the scams that are happening around anti-virus injections. It is totally despicable that anyone would use the pandemic as a means to gain bank details and other personal details. But there are scumbags who are doing just that.

You’ve got a letter inviting you to book an injection: ring up to double check. Especially if you’re not in the groups that the government are targeting.

You get a text or email inviting you for an injection: Same as above but you can also check on the email address or number that the invite was sent from.

Train/discuss with everyone who works in your business in how to spot such emails, texts or letters. Ensure you also share with your family and other loved ones.

Be a cynic. Be extra cautious. Question everything.

Please

09/01/2021

"The Treaty agreed with the EU will allow personal data to flow freely from the EU to the UK, until adequacy decisions have been adopted."
So, what is this ‘adequacy decision’? At a very high level, it is the European Commission deciding which country has data protection legislation in place that is at least close to the EU data protection legislation. As in do they offer an adequate level of data protection. There aren’t many countries on the list. At the time of writing there are 12. The UK are hoping to be added within the next four months.

How the EU determines if a non-EU country has an adequate level of data protection.

07/01/2021
29/12/2020

Extended period for personal data flows with the EU.
From the ICO statement "The Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted."
As the ICO states, this is specified as being for no more than six months.
Hopefully the decision around adequacy will be agreed within that time. As with other Brexit related deadlines it'll probably be either close to the wire or the deadline will be extended.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/12/ico-statement-in-response-to-uk-governments-announcement-on-the-extended-period-for-personal-data-flows-that-will-allow-time-to-complete-the-adequacy-process/

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

23/10/2020

Updated guidance from the ICO around data subject access requests - DSARs - https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/blog-simplifying-subject-access-requests-new-detailed-sars-guidance/
which includes that you can 'stop the clock' for the period it takes to get clarification around the request


17/07/2020

Do you refer to the US-EU Privacy Shield, or have a contract in place that mentions it?
Transfer of personal data with a US company cannot now rely on the US-EU Privacy Shield. Look up Schrems II if you want the full details.
Check what you say in your privacy notice/policies various and any contracts. You will need to amend and also look at getting other clauses in contracts around transfer and storage of personal data.
I hope you don't - as it predates the Privacy Shield - but do also check if you have any mention of Safe Harbor.

16/07/2020

Twitter hacked is headline news today.
What should you do?
If you missed it: many 'major' Twitter accounts were used by the hackers to post requests for money. Sadly a number of people have fallen for it and parted with money that will not be going to the causes they thought it would.
Two key things:
1) Double or even triple check any request for money (bitcoin or otherwise). Is it from someone you know? Give them a call if it is.
2) This is similar: don't respond to an email or other electronic communication around access to systems from your boss or someone else within your company without double checking with them. The current thinking is that this was how the Twitter accounts were accessed.

29/06/2020

If you get an email saying "You received a Zoom meeting invitation" delete it.

Nasty folk making the most of the rise in popularity of use of Zoom.

If you made the mistake of clicking on it then I have many great IT folk I can put you in touch with to undo whatever damage has been done, seen or unseen.

27/04/2020

160,000 Nintendo accounts 'illegally accessed'. If you are a Nintendo user then according to https://www.businessinsider.com/nintendo-switch-account-breach-impact-2020-4?r=US&IR=T you will have been alerted about this via a request to reset your password. They also recommend turning on two factor authentication.
Turning on two factor authentication is always a good thing.

Got a Nintendo Switch console? Did you use your old Nintendo 3DS or Wii U login with it? Beware: Some Switch accounts are getting hacked.

Address

Calne
