Privacy Transformation - Issue 111
PRIVACY
EU rules UK data protection is ‘adequate’ in boost for business
British data protection standards are “adequate”, the EU has ruled in a long-awaited decision that lets digital information continue to flow between the UK and the bloc. But Brussels warned Boris Johnson’s government the decision could be revoked “immediately” if it sees weakening UK standards.
RELATED: Commission adopts adequacy decisions for the UK
The road ahead in an uncertain world of cross-border data transfers
This article summarizes the legal context and answers to key questions about the road ahead for new SCCs, "Schrems II" and Privacy Shield 2.0.
NHS data sale 'an invasion of privacy'
An NHS trust has said it will consult patients before selling 1.1 million medical records it owns to a private firm later this year. NHS Somerset Foundation Trust struck the deal with Sensyne Health in November 2020 but is yet to transfer any information.
SECURITY & TECH
Ransomware attacks often leave companies no option but to pay up
Hostage negotiators taught Kurtis Minder how to deal with ransomware hackers. Most of the attacks his clients deal with fall into three categories — all of which he says should be preventable.
RELATED:
Ransomware is not out of control; security teams are
Why Are There Never Enough Logs During An Incident Response?
HSE secures orders to get details of those who downloaded cyber attack information
The Irish High Court has ordered that the HSE be provided with details of people who uploaded and downloaded confidential material taken in the recent cyber attack onto an internet security firm’s web service.
UK tells messaging apps not to use e2e encryption for kids’ accounts
For a glimpse of the security and privacy dystopia the UK government has in store for its highly regulated ‘British Internet’, look no further than guidance put out by the Department of Digital, Media, Culture and Sport (DCMS) yesterday — aimed at social media platforms and private messaging services — which includes the suggestion that the latter should “prevent” the use of end-to-end encryption on “child accounts”.
EA ignored domain vulnerabilities for months despite warnings and breaches
Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers.
Google tracking cookies ban delayed until 2023
Google says it intends to phase out third-party cookies, which track web users' activities online.
Microsoft says new breach discovered in probe of suspected SolarWinds hackers
Microsoft has said an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.
DATA BREACH
LinkedIn Suffers Massive Data Breach, Personal Details of 92 Percent Users Being Sold Online
LinkedIn has suffered a new data breach and personal data of 700 million of its users has been put up for sale on the Dark Web. The dataset includes users’ information like email addresses, full names, phone numbers, physical addresses, geolocation records, and LinkedIn username and profile URLs.
Mercedes Benz Data Leak Includes Card and Social Security Details
Mercedes Benz has released details of a data breach affecting customers and prospective buyers in the US. The luxury carmaker said a vendor had informed the company on June 11 that the information was “inadvertently made accessible on a cloud storage platform.” It appears that a third-party security researcher first raised the alarm.
Classified Ministry of Defence documents found at bus stop
The papers contain details about UK warship HMS Defender and the British military.
Cyber attacks resulting in data breaches on the rise
There's been a sharp rise in cyberattacks in recent weeks, often disrupting services and products that are essential to everyday lives. Electronic Arts, McDonald's, Peloton and Volkswagen were affected by data breaches in June alone.
GUIDANCE & OPINIONS
CNIL publishes guidance outlining methodology to assess data transfers outside EU
France's data protection authority has published guidance for controllers on how to identify and assess data transfers outside the European Union.
[Note: Only available in French]
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.