G Suite/Gmail gives an error when trying to authenticate your Office 365 email account.
Email used to be relatively simple in days of yore - configure POP3 or IMAP settings in pretty much any email client and you were good to go.
Things are a bit more complicated for many of us these days - there SPF and DKIM and DMARC to think about, two-factor authentication, encryption, SSL and TLS, different port numbers to configure etc.
Those of us who manage several domains and tenancies in Office 365 and G Suite and who have various email accounts bouncing around through forwards and collections from different email client can end up with a complex set of configurations that needs careful management not to fall apart!
Today's issue will be a relatively common scenario for many users.
Server returned an error: "334 VXNlcm5hbWU6 334 UGFzc3dvcmQ6 535 5.7.3 Authentication unsuccessful [AM6PR0402CA0015.eurprd04.prod.outlook.com] , code: 535"
The scenario is simply this: a G Suite Gmail account is configured to collect email and 'send as' from an Office 365 email account.
This was a working configuration and the password hasn't been changed recently. Logging on to Outlook online works ok.
First stop will be to check service health on the admin portal of the 365 account.
There is an Exchange Online advisory showing, but this appears to relate to accessing archive mailboxes rather than the email transport service or the Exchange Server as a whole. Since the online Outlook account tests ok sending and receiving, it looks like the 365 email service is working ok.
Next place to look will be Azure AD. I know some of the team had been testing some Multi Factor Authentication (MFA) configurations with Office 365 and Azure AD, so this is the most likely source of the problem.
To check if this was the source of the problem, we simply turned off MFA for the affected user. Since this change was being made online, the best thing now is to have a cuppa while you wait for it to take effect.
Ten minutes later, we checked the email configuration in G Suite and it validated ok. Problem solved.
Of course, you should be using two-factor authentication, but Microsoft does not recommend doing this for admin accounts (because of the difficulty of using MFA with PowerShell).
When using browser-based logons, two-factor authentication works well, but it becomes a bit trickier when using desktop applications like Outlook and Skype, where additional application passwords have to be generated.
It likely won't be long before biometric logons and other technologies replace our outdated and insecure passwords, but unfortunately, in the meantime, we'll have to live with them.
Windows 10 - Blue Screens haven't gone away...
It's been a while since we've seen the dreaded Windows 10 Blue Screen, but sadly these haven't gone away.
Often Windows blue screens would be associated with hardware changes or driver updates. This one happened a couple times this morning on a previously stable machine that hasn't had any hardware changes in some time, so we're presuming this one will down to a Windows update.
This is a Hewlett Packard machine running Windows 10 Pro 64-bit - it's a couple of years old with a reasonable spec (Intel Core i5 with 12GB RAM) and has been problem-free so far.
We're on first release for Office 365 updates and the semi-annual release for Windows 10. The HP Support Assistant runs in the background and is configured to install updates automatically.
So far this combination has worked pretty flawlessly.
Other than the odd reboot when Chrome or Edge exhausts memory with too many tabs open this machine hasn't had much in the way of problems.
Those who have worked around PCs for a while will know that current hardware and Windows 10 (in spite of well-publicised recent issues with updates) is much more reliable than even a few years ago.
So much so, in fact, that getting a Blue Screen of Death (BSOD) is something of a novelty these days.
That's not to say that it's not a real pain, but at least we get a bit more of an error message these days... Some of us can still remember having to use a flip camera to video the flash screen with an error on a machine with a terminal BSOD loop then freezing the frame to get the HEX error code to look up!
It would be difficult to get definitive stats on this, but my impression is certainly that much less time is devoted to poking around the registry, updating drivers and especially installing and configuring printers.
There are, of course, still plenty of user issues, security problems and malware/trojan/ransomware issues to deal with, but broken hardware and broken Windows is much less frequent than it used to be.
Often Windows blue screens would be associated with hardware changes or driver updates. This one happened a couple times this morning on a previously stable machine that hasn't had any hardware changes in some time, so we're presuming this one will down to a Windows update.
This is a Hewlett Packard machine running Windows 10 Pro 64-bit - it's a couple of years old with a reasonable spec (Intel Core i5 with 12GB RAM) and has been problem-free so far.
We're on first release for Office 365 updates and the semi-annual release for Windows 10. The HP Support Assistant runs in the background and is configured to install updates automatically.
So far this combination has worked pretty flawlessly.
Other than the odd reboot when Chrome or Edge exhausts memory with too many tabs open this machine hasn't had much in the way of problems.
Those who have worked around PCs for a while will know that current hardware and Windows 10 (in spite of well-publicised recent issues with updates) is much more reliable than even a few years ago.
So much so, in fact, that getting a Blue Screen of Death (BSOD) is something of a novelty these days.
That's not to say that it's not a real pain, but at least we get a bit more of an error message these days... Some of us can still remember having to use a flip camera to video the flash screen with an error on a machine with a terminal BSOD loop then freezing the frame to get the HEX error code to look up!
It would be difficult to get definitive stats on this, but my impression is certainly that much less time is devoted to poking around the registry, updating drivers and especially installing and configuring printers.
There are, of course, still plenty of user issues, security problems and malware/trojan/ransomware issues to deal with, but broken hardware and broken Windows is much less frequent than it used to be.
Google Hire Revisited
At the beginning of the year, we took a look at Google Hire - Google's answer to the recruiting process - an Applicant Tracking System (ATS) that integrates with its existing G Suite tools - Gmail and Calendar - and leverages the power of Google Search to simplify and speed up the recruiting process.
At the time, Google Hire had been released in the US, but not yet in the UK. Now that Hire (and Google Search for Jobs) is available in the UK, we thought it would be time to revisit Hire to see how it is doing and how it fits in the ATS landscape for UK businesses and recruiting agencies.
Some Background
It's no surprise that Google has targeted the recruiting industry - it is big business and they reckon the market just isn't working very well - for job seekers or employers.There are around 160m workers in the US (US Bureau of Labor) and Google reckons at any given time around 5.5 million businesses in the US are hiring.
According to Google, it takes on average 43 days to find a new job and 83% of job seekers rate the recruitment process as poor.
That's a pretty poor indictment on both internal HR recruiting teams and agency recruiters, and if true, the industry has only itself to blame for new competitors entering the market.
What does Google know about Recruiting?
Google is a search company, right? So what do they know about recruiting?Google's stock in trade is data - and anyone who follows Google also knows that they are obsessed with measuring everything they can, and that includes their own hiring processes. From the very beginning, Google has taken a systematic approach to the hiring process, tried different approaches and - most importantly - measured the results. Consequently, Google has refined its recruitment process over the years and you can be pretty sure that what they have arrived at is probably as good as it gets.
With Alphabet (as the Google parent is now known) reporting over 73,000 full-time employees in 2017, they know all the recruiting problems around rapid growth, attracting candidates in very competitive sectors, and dealing with high volumes of poor candidates.
If you want to know more about how Google hires and retains talent, read Laszlo Bock's excellent Work Rules! for the inside story on how Google handles recruitment and the often surprising changes in the recruitment process that have been implemented as a direct result of measuring the outcomes of their hires over many years.
For a quick overview of Google Hire and how it integrates with G Suite, check the video below from 2017 HRTech where Google's Berit Hoffman gives a ten-minute overview of the key features and how Hire supports the recruiting process.
Who is Google Hire for?
Google is targetting companies using G Suite with less than 1000 employees and was initially only made available to companies in the US, although this has been extended to other territories including the United Kingdom.Google recognises that hiring is a real issue for smaller companies with limited HR resources. Lots of time is wasted handling poor quality applications, the qualification and interview management process is inefficient and in-house teams have difficulty sourcing quality candidates in high demand sectors.
Traditional Applicant Tracking Systems (ATS) are often expensive and rarely integrate well with existing email and calendar tools. For hard-pressed HR teams, recruiting is a chore that is often done badly or outsourced to specialist recruitment agencies - with the attendant fees.
Few organisations are likely to switch to G Suite for the sake of getting access to Google Hire, but for companies already using G Suite and with ambitious growth targets, Hire makes a lot of sense. The tight integration with the familiar Gmail and Calendar apps means that there isn't a massive learning curve for either in-house recruiters or hiring managers.
Most organisations can probably take it as read that Google has a better handle on optimal recruiting workflows than they ever will so they can use Hire without too much customisation.
One key benefit is the ease with which jobs can be published to a career site - and all the jobs will be already optimised with the correct markup to appear in Google Search for Jobs.
Another big driver for adoption will be the search features built into the product. Hire appears to use Cloud Job Discovery search and machine learning capabilities. That could turn an average recruiter into a sourcing expert overnight. With an intelligent search of your own candidate database and the internet, even unskilled Hire users will be pretty much as effective as many seasoned recruiters at unearthing those difficult to find candidates.
With Hire showing enriched profiles with dynamic results from Google, LinkedIn, Behance, Facebook, etc., the perennial problem of the out of date data that is the bane of every other ATS virtually goes away.
When you compare the cost of Google Hire to that of a traditional ATS (on a per seat per month model) and throw in some potential savings on recruiting agency fees, there will be a clear business case for many G Suite users to sign up.
What Does it Cost?
Google Hire is priced based on the size of the company by employees (actually on the number of G Suite licenses, but let's assume everyone in the organisation has a G Suite license). For companies up to 100 users, Hire costs £4 per user per month; for larger numbers, you'll be able to negotiate a price with the Google Hire sales team.
In a typical business (i.e. not a recruitment or staffing agency), there probably won't be that many people engaged in recruiting and for smaller companies there likely won't be a constant requirement for recruiting.
However, when you look at the overall cost of the hiring process, setting up and running a career site and the alternative of using agency recruiters and their attendant fees, you wouldn't have to have many vacancies to fill each year to make Google Hire a pretty attractive proposition.
As Google Hire is only available to G Suite users, the target market is already familiar with Gmail and Calendar, so there isn't a great learning curve - and you can bet that Google Hire jobs will rank well in search and they are preconfigured to use the structured data that Google likes so much (and that many agency recruiters have yet to implement - but that's a story for another day).
What About Hire for Agency Recruiters?
What does Google Hire mean for Agency Recruiters? An interesting question that needs to be viewed in the light of Google's wider strategy when it comes to Jobs.When you take Google Hire, Search for Jobs and Cloud Job Discovery together, it's clear that Google wants to be the one that does the matching between candidates and jobs. That means the traditional middlemen - the job boards and the generic recruitment agency - get squeezed.
This won't happen overnight, and specialist recruitment agencies who are acknowledged experts in their niche will continue to thrive. However, Google (and Microsoft - with Dynamics and LinkedIn) do pose a threat to staffing agencies and non-specialist recruiting agencies.
Consider that clients using Google Hire will likely have a better ATS than the typical recruitment agency. They will have a great sourcing tool, effective workflows and can manage the recruitment process without things falling through the cracks. They can quickly and easily publish jobs in a search engine friendly format and they'll have great analytics to see what's working and what's not.
Agencies that want to compete will need to prove their worth in terms of quality of candidates/hires and time to fill.
There will always be a requirement for the human element in the recruiting process, but a lot of the mechanics of sourcing candidates and managing the process of qualification, interviewing, assessment and referencing can be automated. This should be a good thing for a capable recruiter as it reduces the time spent on admin and increases the opportunity for interactions with real people which is where deals are closed and fees are won.
So should an agency consider Google Hire for their next ATS? If you are already a G Suite user, there is a pretty good argument, both in terms of functionality and cost.
By adding Google Hire, you will basically be doubling your G Suite subscription spend, but look at the potential areas for saving:
- Per seat per month cost of your current ATS
- Cost of add-ons like CV Parsing (included in Hire)
- Tools to publish jobs and track responses
- Spend on promoting jobs on your website
- Spend on job boards to get your jobs showing in search
- Video interview/conference costs
- Time spent cleaning and managing your database
If you compare your current spend to a Google Hire license for all your sourcers and consultants, you might find you have a decent sum that could be redeployed to marketing, incentives, web development, events, commissions or just added to the bottom line.
Of course, the system will need some configuration and some user training, but you'll get some help with the migration.
Many agencies will have gone through at least one change of ATS in recent years as vendors have promised extra features and a user-friendly interface, only to discover that their users made no more use of the new ATS than old. The problems were those of poor quality data, poor systems and processes and lack of training.
If this describes your business environment, Google Hire won't solve all your problems, but you will have an ATS backed by a huge tech player that knows how to design a user interface and make tech work.
And - who knows? - Google Hire might be the last time you have to switch to a new ATS!
Who is using it?
When we looked at Google Hire back in January 2018, there were around 7,000 public jobs listed. By the middle of the year that had pretty much doubled and it will have doubled again before the year is out.This pales into insignificance when compared to the millions of jobs listed on Linkedin and the numbers claimed by the major job boards, but Google hasn't exactly been making a song and dance about Google Hire and if you sustain growth rates like they have been achieving, it doesn't take long to hoover up market share.
As you would expect, there are several tech companies on the roster, but other sectors are also embracing Hire. Below (in no particular order) are a few examples of early adopters:
Scality - Object and Cloud storage
CoreOS - Platform for deploying applications inside software containers
Blacksip - Digital consulting and services
Medisas - Healthcare software
Zeroday Partners - Cybersecurity search
Symphony Commerce - Commerce as a Service
Dramafever - Subtitled foreign language movie and TV content provider
Piano - Paywalls for media companies
Parliament of the Worlds Religions - Global Interfaith Movement
CompIQ - Compensation software
Calendly - Intelligent meeting scheduler
AWN Inc - Vehicle warranty claims processing
Heyokha - Talent, Culture and Innovation agency
Housecall Pro - Home services business management software
Reginelli's Pizzerias - Pizzeria chain
Thrive Causemetics - Cosmetics
Blinkist - Non-Fiction book summaries
Solana Recruitment - Recruitment Agency
Mint Dentistry - Multi site dental practice in Texas
Will Google Hire Succeed?
Google has a history of launching products into beta and then abandoning them further down the line if they don't prove profitable or there is a strategic change in direction.
However, Hire makes a huge amount of sense for Google.
- Matching jobs and candidates is a search problem - something that Google is really, really good at.
- It gives Google lots of data - all those jobs, all that search information - and there will surely be an incentive for users to expose some of their database to Google. With enough data, Google will find a way to monetise it.
- Recruitment is a massive market with lots of spend; it makes sense for companies like Google to grab a piece of the action.
- Google wants to compete with Microsoft in the corporate space. Adding line of business applications to complement the basic G Suite apps makes Google a more attractive proposition for larger companies to switch and it also means fast-growing organisations that started on G Suite don't feel they have to move to a 'corporate' platform when they reach a certain size.
- Google has plenty of cash to direct into any market it chooses; we don't expect Google to be messing around with Hire. Once they have the data and feedback from the Beta users, expect to see a really slick product that will have other ATS vendors upping their game or packing up.
There is a Hire app in the G Suite Marketplace, but Google appears a little coy about showing the number of users, which they are happy to do for competing products!
How Can We Try Google Hire?
If you are in the US, Canada or the UK and you are already using G Suite and have fewer than 1000 employees, you can request a trial at the Hire website.If you aren't already using G Suite (formerly known as Google Apps), the best way to get familiar with the product and see if it is a good fit for your business is to sign up for a free G Suite Trial. This will let you try out Gmail, Calendar, Drive (online storage), Hangouts (Video), Docs (word processor), Sheets (spreadsheet), Slides (presentation tool), Forms (surveys and questionnaires) and Sites (simple websites).
If Google Hire is abva to be available in the UK soon, so if you are in the process of looking for a first ATS or planning on changing provider over the coming months, make sure you include Hire in the mix!
Useful Links and Resources
For a deeper dive into Google Hire, the product demo video below goes into a bit more detail and highlights the key features. Runtime around 40mins.Google's official blog announcement of Hire
G Suite Version Feature Comparison
G Suite - Pricing Plans
G Suite Free Trial
Hire Website
Need to Know More About using G Suite in your Business?
If you need to talk to an expert about whether G Suite is right for your business, call +44 (0)1908 605418, email gsuite@tradeit.uk.com or connect on LinkedIn.
I'm Having Issues with Surveys
I don't suppose we should complain about surveys and questionnaires - we've produced quite a few over the years, both for ourselves and for clients.
I've even completed a few over the years - sometimes to help out a company we like or partner with, sometimes to get a copy of the results for a market we have an interest in and sometimes to give feedback.
The most likely reason these days is to give feedback to one of our partners or suppliers on their customer service when we have had occasion to use it. My reasoning is simply this: if the companies we work with provide great customer service, that makes both them and us more competitive, so we both win.
So when Microsoft sent an email asking me to complete a quick survey on a recent support incident, I was happy to take a few minutes to let them know what the experience had been like.
I clicked on the link - not something I would normally do from an email, but we had had a genuine support request and the email contained the correct case number, so if this was a phishing attack, it was a pretty sophisticated one.
Having clicked on the link, I was surprised to see that my security software (Kaspersky) had blocked the site, with the reason 'threat of data loss'
Normally I'd exit there, but a bit of further research indicated that this domain had been used for Microsoft surveys, but there were also reports of other security software blocking the site and even discussion of the securestudies.com 'virus'.
At this point, I moved on to an isolated machine we use to check anything that might be considered 'dodgy', bypassed the security warning and arrived at the following:
This might warrant further research from someone else, but for now I don't know if this was a genuine request from Microsoft with bad links, or a very plausible phishing attempt (that included a genuine, recent Microsoft case number.)
Perhaps the link would have worked in Microsoft Explorer or Edge browsers rather than the Chrome browser that I was using, but by this stage I had neither the time nor the energy to investigate any further.
If it was genuine, and this wasn't an isolated error, I'd guess Microsoft won't be getting much feedback for its customer support - something it badly needs. They also want to look at the reputation of their survey service providers.
If it wasn't a genuine email from Microsoft or one of its partners, they really need to sort out the security of their case numbers.
Maybe the answer for Microsoft would be to use Microsoft Forms embedded on a microsoft.com page. That would solve any security issues and it would give them some valuable information about using one of their own products - so less user feedback required!
BTW, if anyone does want to know about using Power BI in an on-prem environment with SQL Server and SharePoint (the original point the support call), we now have the answers!
If anyone from Microsoft wants to know what their support services are really like, do get in touch - but probably not by email!
I've even completed a few over the years - sometimes to help out a company we like or partner with, sometimes to get a copy of the results for a market we have an interest in and sometimes to give feedback.
The most likely reason these days is to give feedback to one of our partners or suppliers on their customer service when we have had occasion to use it. My reasoning is simply this: if the companies we work with provide great customer service, that makes both them and us more competitive, so we both win.
So when Microsoft sent an email asking me to complete a quick survey on a recent support incident, I was happy to take a few minutes to let them know what the experience had been like.
Normally I'd exit there, but a bit of further research indicated that this domain had been used for Microsoft surveys, but there were also reports of other security software blocking the site and even discussion of the securestudies.com 'virus'.
At this point, I moved on to an isolated machine we use to check anything that might be considered 'dodgy', bypassed the security warning and arrived at the following:
Perhaps the link would have worked in Microsoft Explorer or Edge browsers rather than the Chrome browser that I was using, but by this stage I had neither the time nor the energy to investigate any further.
If it was genuine, and this wasn't an isolated error, I'd guess Microsoft won't be getting much feedback for its customer support - something it badly needs. They also want to look at the reputation of their survey service providers.
If it wasn't a genuine email from Microsoft or one of its partners, they really need to sort out the security of their case numbers.
Maybe the answer for Microsoft would be to use Microsoft Forms embedded on a microsoft.com page. That would solve any security issues and it would give them some valuable information about using one of their own products - so less user feedback required!
BTW, if anyone does want to know about using Power BI in an on-prem environment with SQL Server and SharePoint (the original point the support call), we now have the answers!
If anyone from Microsoft wants to know what their support services are really like, do get in touch - but probably not by email!
GDPR - How will it be regulated in the UK?
With the GDPR implementation date of 25th May rapidly approaching, many organisations are making a last-minute sprint to try to address outstanding compliance issues. You only have to take a look through your inbox to see a raft of messages informing you of updated privacy policies, terms and conditions and requests for consent to remain on email marketing lists (something that should have been standard practice for any marketing department worth its salt).
Fortuitously, the ICO has a draft Regulatory Action Policy out for consultation and this document gives a pretty good indication of how the UK plans to regulate GDPR.
ICO - Draft Regulatory Action Policy Survey
EU - General Data Protection Regulation
ICO - Enforcement Action
ICO - Information Commissioner's Blog
GDPR - Cost of non-compliance
There are already several legal requirements around data privacy and protection which have been largely ignored by many organisations, so why the urgency to comply with at least some aspects of GDPR?
For a start, the potential fines run to €20m or 4% of global turnover, and the GDPR allows for member states to impose criminal penalties for breaches of the regulation. GDPR also incorporates the concept of accountability for Data Controllers and Processors, so compliance with GDPR - and the ability to demonstrate compliance - will be key to avoiding breaches in the first place and minimising penalties if a breach does occur.
What nobody really knows at this stage is how the GDPR will be regulated. Will it be a light touch, with local regulators providing guidance and best practice to help organisations comply with the rules? Or will GDPR be a tool used to extract revenue from organisations - especially the big data giants like Amazon, Apple, Facebook, Google and Microsoft?
In the UK, the Information Commissioners Office (ICO) is the body responsible for regulatory action over breaches of a variety of legislation including the Data Protection Act and the General Data Protection Regulation.
It outlines its objectives and priorities and indicates a hierarchy of regulatory action that will give organisations a pretty good idea of where the ICO will be deploying its resources and what will be required of organisations in the event of an investigation.
From a business perspective, it is encouraging to see that the ICO intends to "create an environment within which, on the one hand, data subjects are protected, while ensuring that, on the other hand, business is able to operate and innovate efficiently in the digital age."
Organisations concerned about the administrative burden of GDPR and the danger of penalties will be pleased to note that the ICO is committed to "ensuring that commercial enterprise is not constrained by red tape, or concern that sanctions will be used disproportionately."
Of course, whatever the intentions of the ICO, it remains to be seen how the legislation will be regulated and enforced in practice - not just in the UK, but across the rest of the EU.
Political and public pressure will be in play, and of course, the legal profession will be seeking opportunities from the raft of data protection and privacy legislation that is being added to the statute books.
In its draft Regulatory Action Policy, the ICO says it will be focussing on the following types of breaches:
1 - Those involving highly sensitive information
2 - Those adversely affecting large groups of individuals
3 - Those impacting vulnerable individuals
Organisations dealing with personal data on a large scale should of course already have good data security processes and privacy measures in place, so compliance with GDPR shouldn't be a particularly onerous additional burden.
Public sector bodies - in particular, those involved with social services and the NHS - may have to up their game and invest additional resources to comply with GDPR and other privacy legislation.
For commercial organisations working within the health sector - either directly or within the supply chain - should prioritise being able to demonstrate GDPR compliance, especially if they expect to be tendering for public sector contracts.
One area that is bound to attract attention from the regulator is any organisation handling personal data of minors - one easily identifiable 'vulnerable' group.
The large social media players are the obvious targets, but anyone involved in the education sector, online gaming, apps targeting children, or any activity that might require handling personal data of minors should be making data privacy a priority if it isn't already.
In addition to the key areas of focus for the regulator, the ICO's Draft Regulatory Action Policy also enumerates their priorities for the coming year, viz.:
1. Large scale data and cybersecurity breaches involving financial or sensitive information
2. AI, big data and automated decision making
3. Web and cross device tracking for marketing (including for political purposes)
4. Privacy impacts for children (including Internet of Things connected toys and social media marketing apps aimed at children)
5. Facial recognition technology applications
6. Credit reference agencies and data broking
7. Use and sharing of law enforcement data, including intelligence systems
8. Right to be forgotten/erasure applications
So at least we have some idea where the ICO will be targeting its resources and which sectors are likely to come under the spotlight.
If your compliance efforts are running behind schedule, just remember that data privacy is an ongoing process - it's not just a case of ticking boxes and producing a few policies to show to a regulator if or when you get hit by a data breach.
Data protection and data privacy are about education and culture as much as policies, procedures and physical security measures.
All the indications are that the ICO will be taking the role of guiding and advising organisations in their GDPR compliance journey. As the Information Commissioner - Elizabeth Denham - said on her official blog:
In addition to the key areas of focus for the regulator, the ICO's Draft Regulatory Action Policy also enumerates their priorities for the coming year, viz.:
1. Large scale data and cybersecurity breaches involving financial or sensitive information
2. AI, big data and automated decision making
3. Web and cross device tracking for marketing (including for political purposes)
4. Privacy impacts for children (including Internet of Things connected toys and social media marketing apps aimed at children)
5. Facial recognition technology applications
6. Credit reference agencies and data broking
7. Use and sharing of law enforcement data, including intelligence systems
8. Right to be forgotten/erasure applications
So at least we have some idea where the ICO will be targeting its resources and which sectors are likely to come under the spotlight.
If your compliance efforts are running behind schedule, just remember that data privacy is an ongoing process - it's not just a case of ticking boxes and producing a few policies to show to a regulator if or when you get hit by a data breach.
Data protection and data privacy are about education and culture as much as policies, procedures and physical security measures.
All the indications are that the ICO will be taking the role of guiding and advising organisations in their GDPR compliance journey. As the Information Commissioner - Elizabeth Denham - said on her official blog:
"...it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm.
The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick."
All indications are that if you have a regular business that isn't dealing with sensitive data on a large scale - and isn't playing fast and loose with customer data - you'll have nothing to fear from the GDPR.
Indeed, used properly, your GDPR compliance journey should forge stronger, more trusting - and therefore more profitable - relationships with your customers.
BTW - if, having read the draft Regulatory Action Policy, you'd like to contribute your thoughts on the ICO's plans for regulating GDPR and the other legislation for which it is responsible, you can complete this survey up until 28th June.
Indeed, used properly, your GDPR compliance journey should forge stronger, more trusting - and therefore more profitable - relationships with your customers.
BTW - if, having read the draft Regulatory Action Policy, you'd like to contribute your thoughts on the ICO's plans for regulating GDPR and the other legislation for which it is responsible, you can complete this survey up until 28th June.
Sources & Links
ICO - Draft Regulatory Action PolicyICO - Draft Regulatory Action Policy Survey
EU - General Data Protection Regulation
ICO - Enforcement Action
ICO - Information Commissioner's Blog
GDPR - Cost of non-compliance
GDPR in a Nutshell
As the enforcement deadline of 25th May rapidly approaches, General Data Protection Regulation (GDPR) compliance is a hot topic at many organisations - especially the ones who have left it too late!
While Data Controllers and Data Protection Officers are racing against time to compose policies, run risk assessments and get the legal department to clarify 'legitimate interest', it might be helpful to look at what GDPR actually means from a consumers point of view.
Here's our summary of what GDPR really means for a consumer:
- My personal data belongs to me, not you.
- If I give you permission, you can hold my data on your systems and process it in ways that we have agreed.
- If you want to do anything else with my data, I expect you to ask my permission.
- If you have collected my personal data from a source other than me, I expect you to tell me and ask for my permission to hold it and process it.
- I expect the personal data you hold to be accurate.
- I expect you take measures to ensure my personal data is secure.
- If I ask you what personal data you are holding, I expect you to tell me.
- If I ask you to correct personal data that you are holding - or to delete it - I expect you to comply with my request.
If GDPR compliance means cleaning up your databases, reviewing how you use personal data, beefing up your security procedures and educating your staff about data privacy, how is that a bad thing?
Smart companies will use the GDPR compliance exercise as an opportunity to re-engage with their customers and will sell their data protection measures as a competitive advantage.
Data protection shouldn't be a burden for business, but rather a pre-requisite for doing business at all.
While Data Controllers and Data Protection Officers are racing against time to compose policies, run risk assessments and get the legal department to clarify 'legitimate interest', it might be helpful to look at what GDPR actually means from a consumers point of view.
Here's our summary of what GDPR really means for a consumer:
- My personal data belongs to me, not you.
- If I give you permission, you can hold my data on your systems and process it in ways that we have agreed.
- If you want to do anything else with my data, I expect you to ask my permission.
- If you have collected my personal data from a source other than me, I expect you to tell me and ask for my permission to hold it and process it.
- I expect the personal data you hold to be accurate.
- I expect you take measures to ensure my personal data is secure.
- If I ask you what personal data you are holding, I expect you to tell me.
- If I ask you to correct personal data that you are holding - or to delete it - I expect you to comply with my request.
Is it really that hard?
When you look at the intent of GDPR regulations, is there really anything that a well-run, ethical business would have a problem with?If GDPR compliance means cleaning up your databases, reviewing how you use personal data, beefing up your security procedures and educating your staff about data privacy, how is that a bad thing?
Smart companies will use the GDPR compliance exercise as an opportunity to re-engage with their customers and will sell their data protection measures as a competitive advantage.
Data protection shouldn't be a burden for business, but rather a pre-requisite for doing business at all.
Are you one in a Million?
Facebook has started to notify users who may have had their data shared with Cambridge Analytica.
Whether or not your data was affected comes down to whether you or your Facebook 'friends' used Facebook to log on to the 'This is your Digital Life' website.
According to Facebook, in total, around 87 million users are affected, with approximately 1.1 million in the UK.
All Facebook users will be getting a message similar to the ones below. If you get the one on the right, some of your data may have been shared with Cambridge Analytica.
All Facebook users will be getting a message similar to the ones below. If you get the one on the right, some of your data may have been shared with Cambridge Analytica.
Whether or not your data was affected comes down to whether you or your Facebook 'friends' used Facebook to log on to the 'This is your Digital Life' website.
Check your Settings
All users will get a link to check which apps and websites have access to your Facebook data. If you don't check this periodically, do have a look - you might be surprised at what you find.
No need to wait for the link from Facebook - just go to the settings menu and select 'Apps and Websites' from the menu. If you see anything you don't recognise or don't trust, you can remove it or edit the properties where you can generally amend some of the settings. If you are surprised at what permissions an app has - don't be. It was probably all in the terms and conditions that you didn't read when you clicked the 'agree' box when you signed up.
As a general rule, we always advise clients not to use Facebook, Google or LinkedIn accounts to log in to other services. It might seem convenient that there is one fewer password to remember, but most users have no idea what data they are sharing as a result and where it might end up.
Even you have some basic security practices in place, bear in mind that your Facebook 'friends' may not share your privacy concerns. You have no idea what their privacy settings are like and who they might be sharing your data with.
This won't be the end of the Cambridge Analytica saga. Facebook's disclaimer published with their figures admits, "We do not know precisely what data the app shared with Cambridge Analytica or exactly how many people were impacted.”
There are some other obvious questions that arise from the Cambridge Analytica affair.
"Who else was employing similar techniques to Cambridge Analytica?"
"How long has this been going on?"
"What does Facebook itself do with users data?"
Some users simply won't care that advertisers or political consultants or data analysts have access to their Facebook data.
However many will have concerns over how social media companies are allowing others to access and analyse huge quantities of personal data.
It may not be such a big deal if global brands are paying social media companies to try to manipulate you to switch to their brand of coffee or deodorant or energy drink. But if any organisation, state or individual with the right resources can use personal data from social media to disrupt the democratic process, we should all be worried.
There are some other obvious questions that arise from the Cambridge Analytica affair.
"Who else was employing similar techniques to Cambridge Analytica?"
"How long has this been going on?"
"What does Facebook itself do with users data?"
Does it Really Matter?
Some users simply won't care that advertisers or political consultants or data analysts have access to their Facebook data.
However many will have concerns over how social media companies are allowing others to access and analyse huge quantities of personal data.
It may not be such a big deal if global brands are paying social media companies to try to manipulate you to switch to their brand of coffee or deodorant or energy drink. But if any organisation, state or individual with the right resources can use personal data from social media to disrupt the democratic process, we should all be worried.
It's worth remembering - as the not-so-old saying goes - "If you're not paying for it, you are the product!"
Links
Facebook News Release
Links
Facebook News Release
News - tech news for Business
Roundup of the latest Tech News for businesses...
How secure are your mobile workers?
 |
betanews.com
Over half (57 percent) of organizations suspect their mobile workers have been hacked,
or caused a mobile security issue, in the last 12 months according to a new study. | |
Every business gets legitimate Word documents by email - make sure you are covered for those with nasty surprises...
 |
www.computerweekly.com
Macro-less Word document attacks and zero day malware are on the rise,
according to data from WatchGuard | |
 |
www.geek.com
After a long, hard day at the office, the last thing you want is the boss interrupting your wine-sipping,
binge-watching evening with an urgent email. Which is why New York City Council member … | |
Thought your mobile was safe from viruses and malware? Think again...
 |
www.techadvisor.co.uk
A virus that piggybacks QR code apps and bombards users with ads and notifications has been
downloaded 500,000 times from the Google Play store. Does the QR code virus affect you, and what should you do next? | |
It's World Backup Day at the end of March. We're sure you have a bulletproof backup plan for your business, but there's always room for improvement... Why not schedule a review of your backup and recovery procedures?
|
www.worldbackupday.com
Don't be an April Fool. Backup your files and check your restores on March 31st.
| ||
News
Why does this matter? Acknowledgement of IP and copyright protection means the wild west days of the internet are coming to an end. Make sure you own the rights to use all your content!
http://www.ubergizmo.com/2018/02/google-removed-view-image-button-image-search/?utm_source=mainrss
Just in case you were under any illusions that you still had some privacy online...
http://www.ubergizmo.com/2018/02/google-removed-view-image-button-image-search/?utm_source=mainrss
 |
www.ubergizmo.com
For as long as I can remember, image search on Google had a “View Image” button that opened up the image in a new tab and allowed...
| |
Just in case you were under any illusions that you still had some privacy online...
http://www.huffingtonpost.co.uk/entry/weve-got-some-bad-news-turns-out-googles-incognito-mode-isnt-that-incognito_uk_5a142c99e4b0aa32975dbd46
Are those startup stock options really worth it?
https://www.wired.com/story/unicorns-are-rare-study-suggests-they-should-be-even-rarer/
Data privacy will be a hot topic in 2018 as EU GDPR rules come into force - US tech companies can expect to be targeted!
https://techcrunch.com/2018/02/19/facebooks-tracking-of-non-users-ruled-illegal-again/?ncid=rss
Anyone making traditional car keys? Not for much longer!
 |
www.huffingtonpost.co.uk
A developer for Google’s Chrome browser has finally confirmed some bad news, Incognito Mode on Chrome isn’t actually that Incognito. In fact most browsers who ...https://www.wired.com/story/unicorns-are-rare-study-suggests-they-should-be-even-rarer/
| |
Are those startup stock options really worth it?
https://www.wired.com/story/unicorns-are-rare-study-suggests-they-should-be-even-rarer/
 |
www.wired.com
For startups, achieving unicorn status is a big deal. Companies valued at more than $1 billion look more formidable to competitors, customers, and recruits—and less ...
| |
https://techcrunch.com/2018/02/19/facebooks-tracking-of-non-users-ruled-illegal-again/?ncid=rss
 |
techcrunch.com
Another blow for Facebook in Europe: Judges in Belgium have once again ruled the company broke privacy laws by deploying technology such as cookies and..
| |
https://www.cnet.com/roadshow/news/jaguar-land-rover-activity-key-sales-f-pace-velar-e-pace-hot/#ftag=CAD590a51e
Richard Branson looking beyond the West Coast Main Line with Virgin Hyperloop One...
https://www.engadget.com/2018/02/19/india-inches-ahead-in-the-race-to-build-a-hyperloop/
 |
www.cnet.com
Shoppers are ponying up for this Fitbit-like RF-based wearable tech in surprising numbers.
| |
https://www.engadget.com/2018/02/19/india-inches-ahead-in-the-race-to-build-a-hyperloop/
 |
www.engadget.com
Could India be the home of the first working Hyperloop?
| |
Subscribe to:
Posts (Atom)
-
G Suite/Gmail gives an error when trying to authenticate your Office 365 email account. Email used to be relatively simple in days of yore...
-
Hire is Google's answer to the recruiting process - an Applicant Tracking System (ATS) that integrates with its existing G Suite too... -
Facebook has started to notify users who may have had their data shared with Cambridge Analytica. According to Facebook, in total, aroun...