Privacy Transformation - Issue 111

PRIVACY

EU rules UK data protection is ‘adequate’ in boost for business

EU rules UK data protection is ‘adequate’ in boost for business

British data protection standards are “adequate”, the EU has ruled in a long-awaited decision that lets digital information continue to flow between the UK and the bloc. But Brussels warned Boris Johnson’s government the decision could be revoked “immediately” if it sees weakening UK standards.

RELATED: Commission adopts adequacy decisions for the UK

The road ahead in an uncertain world of cross-border data transfers

The road ahead in an uncertain world of cross-border data transfers

This article summarizes the legal context and answers to key questions about the road ahead for new SCCs, "Schrems II" and Privacy Shield 2.0.

NHS data sale 'an invasion of privacy'

NHS data sale 'an invasion of privacy'

An NHS trust has said it will consult patients before selling 1.1 million medical records it owns to a private firm later this year. NHS Somerset Foundation Trust struck the deal with Sensyne Health in November 2020 but is yet to transfer any information.

SECURITY & TECH

Ransomware attacks often leave companies no option but to pay up

Ransomware attacks often leave companies no option but to pay up

Hostage negotiators taught Kurtis Minder how to deal with ransomware hackers. Most of the attacks his clients deal with fall into three categories — all of which he says should be preventable.

RELATED:

Ransomware is not out of control; security teams are

Why Are There Never Enough Logs During An Incident Response?

HSE secures orders to get details of those who downloaded cyber attack information

HSE secures orders to get details of those who downloaded cyber attack information

The Irish High Court has ordered that the HSE be provided with details of people who uploaded and downloaded confidential material taken in the recent cyber attack onto a internet security’s firm’s web-service.

UK tells messaging apps not to use e2e encryption for kids’ accounts

UK tells messaging apps not to use e2e encryption for kids’ accounts

For a glimpse of the security and privacy dystopia the UK government has in store for its highly regulated ‘British Internet’, look no further than guidance put out by the Department of Digital, Media, Culture and Sport (DCMS) yesterday — aimed at social media platforms and private messaging services — which includes the suggestion that the latter should “prevent’ the use of end-to-end encryption on “child accounts”.

EA ignored domain vulnerabilities for months despite warnings and breaches

EA ignored domain vulnerabilities for months despite warnings and breaches

Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers.

Google tracking cookies ban delayed until 2023

Google tracking cookies ban delayed until 2023

Google says it intends to phase out third-party cookies, which track web users' activities online.

Microsoft says new breach discovered in probe of suspected SolarWinds hackers

Microsoft says new breach discovered in probe of suspected SolarWinds hackers

Microsoft has said an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.

DATA BREACH

LinkedIn Suffers Massive Data Breach, Personal Details of 92 Percent Users Being Sold Online

LinkedIn Suffers Massive Data Breach, Personal Details of 92 Percent Users Being Sold Online

LinkedIn has suffered a new data breach and personal data of 700 million of its users has been put up for sale on the Dark Web. The dataset includes users’ information like email addresses, full names, phone numbers, physical addresses, geolocation records, and LinkedIn username and profile URLs.

Mercedes Benz Data Leak Includes Card and Social Security Details

Mercedes Benz Data Leak Includes Card and Social Security Details

Mercedes Benz has released details of a data breach affecting customers and prospective buyers in the US. The luxury carmaker said a vendor had informed the company on June 11 that the information was “inadvertently made accessible on a cloud storage platform.” It appears that a third-party security researcher first raised the alarm.

Classified Ministry of Defence documents found at bus stop

Classified Ministry of Defence documents found at bus stop

The papers contain details about UK warship HMS Defender and the British military.

Cyber attacks resulting in data breaches on the rise

Cyber attacks resulting in data breaches on the rise

There's been a sharp rise in cyberattacks in recent weeks, often disrupting services and products that are essential to everyday lives. Electronics Arts, McDonald's, Peloton and Volkswagen were effected by data breaches in June alone.

GUIDANCE & OPINIONS

CNIL publishes guidance outlining methodology to assess data transfers outside EU

CNIL publishes guidance outlining methodology to assess data transfers outside EU

France's data protection authority has published guidance for controllers on how to identify assess data transfers outside the European Union.

[Note: Only available in French]

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.