Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

Privacy by Design

Although it's been around for a while, Privacy by Design and by Default has really come to the fore in Article 25 of the GDPR. This concept puts forward that if you are designing a process, technology, or any other item in a business, it should be designed to be secure and private by default.

Special Offer – “Introduction to Data Privacy” Workshop

For the remainder of 2019, I am running a promotion on my popular "Introduction to Data Privacy" workshop - a workshop designed to upskill all staff in a company on what Data Privacy is. A while back I wrote an article on why education is important; this workshop facilitates that and so much more!

Incident Response Plans and Policies

A vital part of any Data Protection strategy is an incident response plan and policy. Your incident response policy dictates what your company does in the event that there is an incident within the business involving data, and the incident response plan details who is responsible for what function during an incident, and how to perform any actions that need to take place.

Upcoming Data Protection Brunches

Everybody needs to know about Data Protection and Privacy, particularly the C-suite and senior management. My Data Protection Brunch series is just the thing to up-skill yourself and your leadership team. These informal brunch meetings take place around the country and detail the ins and outs of Data Protection for your business.

Saving Passwords – Browsers vs Managers

Recently, a bank in South Africa (FNB) drew the ire of the security and privacy communities when they disabled the use of password managers on their online banking system - resulting in people having to remember much shorter and less secure passwords as opposed to highly secure passwords generated in password managers. From their press releases, it would seem that their intention was to disable the saving of passwords in a browser, which inadvertently disabled the use of password managers too. They have since retracted the code that disabled this so that password managers can remain in use, while issuing a stern warning against saving your passwords in a browser.

Events, Threats, Incidents and Breaches

A trend I've seen is that executives and staff outside of the security and privacy space often refer to any event involving IT security as a "breach". Not only is this incorrect, it's a dangerous word to be throwing around, with some serious consequences. In this article, I'll be looking at four main terms, those of events, threats, incidents and breaches, as well as the differences between them and why a distinction is vitally important.

How to create a Standard Operating Procedure

On a couple of occasions I've mentioned the importance of Standard Operating Procedures and how they can benefit both your business and your privacy exercises. In today's article, I'm going to show you just how easy it is to get started in mapping these out.

Document Your Privacy Efforts

As a small business, it's easy to fall into the trap of not documenting your privacy-related efforts and activities. We get caught up in the day-to-day running of things and documentation is really the last thing on our minds. It is, however, vital to your efforts - because if anything goes wrong, you'll need to show proof of what you have done to protect data.

I wrote a book!

While I normally discuss matters of data protection and privacy, another topic I'm hugely passionate about is management - particularly new managers being promoted from specialist roles. When the same happened to me many years ago, it took a long time for me to learn the skills needed in order to effectively lead.

FaceApp – is the Privacy outcry valid?