Hi all,
Just happened: "Login details exposed online due to Elsevier data breach" as published yesterday in our university magazinehttps://www.erasmusmagazine.nl/en/2019/03/21/login-details-exposed-online-due-to-elsevier-data-breach/?noredirect=en_US.
A few hours later, library director comes to me: Do we exchange personal information to Elsevier? Hmm, IP address based: No. Also SSO: [check] only pseudo identifier. Answer: No, non PII.
One hour later, email from DPO: Please explain what do we exchange to Elsevier? Blabla, transient identifier bla bla... "Alright, great!"
We happy, but Elsevier should be happy too! (about us at least;)
Conclusion: Security is an important topic in our recommendations too...
Have a good weekend! Jos
Thanks for this Jos; good point.
Have a nice weekend too! V.
From: FIM4L [mailto:fim4l-bounces@lists.daasi.de] On Behalf Of Jos Westerbeke Sent: vrijdag 22 maart 2019 14:16 To: fim4l@lists.daasi.de Subject: [Fim4l] security example
Hi all,
Just happened: "Login details exposed online due to Elsevier data breach" as published yesterday in our university magazinehttps://www.erasmusmagazine.nl/en/2019/03/21/login-details-exposed-online-due-to-elsevier-data-breach/?noredirect=en_US.
A few hours later, library director comes to me: Do we exchange personal information to Elsevier? Hmm, IP address based: No. Also SSO: [check] only pseudo identifier. Answer: No, non PII.
One hour later, email from DPO: Please explain what do we exchange to Elsevier? Blabla, transient identifier bla bla... "Alright, great!"
We happy, but Elsevier should be happy too! (about us at least;)
Conclusion: Security is an important topic in our recommendations too...
Have a good weekend! Jos
* Jos Westerbeke jos.westerbeke@eur.nl [2019-03-22 14:15]:
A few hours later, library director comes to me: Do we exchange personal information to Elsevier? Hmm, IP address based: No. Also SSO: [check] only pseudo identifier. Answer: No, non PII.
You may consider this a technicality but note that under GDPR *both* will be considered PII: The IP-address as well as any pseudonymous identifiers, see GDPR recital 26 or Mourby, Mackey, et al. https://doi.org/10.1016/j.clsr.2018.01.002 for a deep-dive.
-peter
Teilnehmer (3)
-
Jos Westerbeke -
Peter Schober -
Vasso Kalaitzi