BRA Information Security Incident Analysis
On October 1st, 2024, the Barbados Today media company published an article indicating the Barbados Revenue Authority (BRA) and police are investigating a reported breach of the BRA vehicle registration data. The article references an official statement from BRA stating they were aware that some vehicle registration application information was circulating on the internet and social media and were actively investigating the incident. The article further quoted the official statement indicating, “[BRA] understands that restricting access to the vehicle registration portal is disruptive to Barbadians, and we regret the inconvenience that these necessary precautions have caused for the public.” The CBC Barbados X (Twitter) account posted an audio snippet from Minister of Industry, Innovation, Science and Technology, Marsha Caddle, on October 1st, 2024. The Minister indicated she is aware of the breach at BRA and, based on investigations at the time, the breach was isolated to the vehicle registration application.…
Operationalizing the Jamaica Data Protection Act: A Conversation with the Information Commissioner
Symptai Consulting Limited hosted a webinar with Jamaica’s Information Commissioner (equivalent to the role of Data Protection Commissioner under GDPR) for a very engaging conversation around the impact of the Jamaica Data Protection Act which came into effect on December 1, 2021. This marked the start of a 2 year transition period within which Data Controllers must familiarise themselves with the Act, their role and enforce practices that ensure compliance. You can view the recording of the webinar below or read a summy of the Act here.
Dear HR . . . Does data protection law affect my role in HR?
The February 9th, 2022 issue of Barbados Today had a column that discussed the impact of the Barbados Data Protection Act on HR personnel, titled “Dear HR . . . Does data protection law affect my role in HR?“. The article explained why data protection is important, outlines the role of data controllers, how HR staff are impacted and key components of the Act. You can read the entire article here.
NIST Updates Security and Privacy Control Assessment Procedures
The National Institute of Standards and Technology (NIST) has published an update to its SP 800-53A standard, “Assessing Security and Privacy Controls in Information Systems and Organizations.” The publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments, and can be tailored to the needs of organizations and assessors. SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework. The revision includes new assessment procedures that address newly added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5. SP…
Data Privacy Day 2021
January 28th is celebrated internationally as Data Privacy Day, when security and privacy professionals push data privacy. While not officially recognised by our government as yet, our chapter recognises its importance. Data privacy is at the heart of protecting citizens in today’s world where the internet is considered a right, and where social media, smartphones, email and IM are an integral part of our lives. In recognition of the Data Privacy Day 2021, we’ve published an article in the Barbados Today news paper. You can read the article here.