Organizations processing sensitive personal information must ensure that it is encrypted using Transport Layer Security version 1.2 or higher, Denmark’s data regulator said Wednesday.
The Danish Data Protection Agency’s statement follows its April 7 ruling criticizing the National Police for using version 1.0 of the protocol on an online gun permit application platform, which processed personal data such as names, addresses, and social security numbers. The agency said TLS versions 1.0 and 1.1 “contain known vulnerabilities that do not ensure the necessary data confidentiality and integrity,” which likely constitutes a breach of the EU’s General Data Protection Regulation, or GDPR. ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.