Privacy Transformation - Issue 107

PRIVACY

HSE cyber attack latest: Sensitive data of 520 patients has been put online by hackers, HSE reveals

HSE cyber attack latest: Sensitive data of 520 patients has been put online by hackers, HSE reveals

HSE data relating to around 520 patients, as well as some corporate documents, have been released on to the internet following the cyber-attack, the HSE revealed today.

RELATED:

How to negotiate with ransomware hackers

Lead cyber crime garda issues advice to public struck by data leak from HSE ransomware attack

Government did not breach data protection laws with Public Services Card database

Government did not breach data protection laws with Public Services Card database

The Data Protection Commission (DPC) has ruled that a Government department did not breach data protection law in ordering an amendment to its privacy statement regarding the Public Services Card database.

RELATED:

DPC Summary Decision: Department of Employment Affairs and Social Protection May 2021

DPC Full Decision: Department of Employment Affairs and Social Protection May 2021

Digital rights group targets Irish companies over cookie consents

Max Schrems-backed group has sent 560 GDPR-related complaints over cookie banners.

RELATED:

noyb aims to end “cookie banner terror” and issues more than 500 GDPR complaints

The Guardian view on medical records: NHS data grab needs explaining

In England, ministers’ plans to suck up GP records need to be scrapped and restarted with a proper debate about their use and privacy implications

GDPR is being used as a bureaucratic dodge to avoid public scrutiny

GDPR is being used as a bureaucratic dodge to avoid public scrutiny

Although it is European legislation, the GDPR’s impact has been global. Once in place, it established a high data protection bar for Europeans, and not just for EU-based organisations. As of May 25th, 2018, any entity anywhere has had to comply with the GDPR if it wants to do business with the people within one of the world’s largest economic markets.

SECURITY & TECH

A rogue killer drone 'hunted down' a human target without being instructed to, UN report says

A rogue killer drone 'hunted down' a human target without being instructed to, UN report says

The Kargu-2, a deadly attack drone, autonomously attacked a person during a conflict in Libya, according to a UN report seen by the New Scientist.

'Apple is eating our lunch': Google employees admit in lawsuit that the company made it nearly impossible for users to keep their location private

'Apple is eating our lunch': Google employees admit in lawsuit that the company made it nearly impossible for users to keep their location private

Google misled phone makers into hiding privacy settings users liked in order to collect more location data, according to newly unredacted documents.

Codes of conduct approved for the cloud industry

Codes of conduct approved for the cloud industry

The two recently approved Codes of Conduct for the cloud industry, which will be open to everyone willing to subscribe, could foster the uptake of a technology at the heart of the digital economy, following a green light from the European Data Protection Board.

Irish NCSC - FluBot Advisory

The NCSC has received reports of a spyware software labeled FluBot affectingAndroid users in Ireland. FluBot is used by malicious parties to steal passwordsand sensitive data from the victims’ mobile device. It will access victims’contacts and spread the malicious application through further text messages.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

Vast majority of Government data breaches were in 'highly sensitive' Departments

Vast majority of Government data breaches were in 'highly sensitive' Departments

There have been in excess of 2,000 data breaches from Government departments since 2019, figures show – the vast majority in departments with “highly sensitive” data.

PCH hit with data breach after refusing hacker ransom demands

PCH hit with data breach after refusing hacker ransom demands

The Cork manufacturing giant confirmed it was targeted by the same criminal gang that attacked the HSE.

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet.

Breached data at INM may have contained sensitive information

Breached data at INM may have contained sensitive information

Confidential information identifying journalistic sources may have been accessed.

ENFORCEMENT

ICO: Conservative Party fined £10,000 for sending unlawful emails

ICO: Conservative Party fined £10,000 for sending unlawful emails

The Information Commissioner’s Office (ICO) has fined the Conservative Party £10,000 for sending 51 marketing emails to people who did not want to receive them.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

DPC: When your personal data has been affected by a breach

DPC: When your personal data has been affected by a breach

This guidance shows you how to recognise and reduce the risks that can materialise as a result of your personal data being breached and what to do when you become aware that it is being used by unauthorised third parties.

EDPB Opinion 16/2021 regarding the “EU Data Protection Code of Conduct for Cloud Service Providers”

Opinion 16/2021on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers”submitted by Scope Europe.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.