Privacy Transformation - Issue 128
PRIVACY
Government to beef up data protection regime
The Government is considering a significant change to the Data Protection regime here by appointing additional commissioners amid controversy over how the current DPC Helen Dixon’s office is responding to the volume and pace of privacy complaints, including against tech giants like Facebook.
RELATED: Privacy experts urge Government to appoint more data protection commissioners
Employers can’t ask workers about their vaccination status
Employers cannot force workers to produce Covid certs as a staggered return to the office stretches ahead over the coming months.
ICO: Joint statement on global privacy expectations of Video Teleconferencing companies
Final observations have been published on foot of the conclusion of an engagement by a number of privacy authorities with the five biggest video teleconferencing companies (Microsoft, Google, Cisco and Zoom). [Read final observations here]
Opinion: EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR
The European Data Protection Board recently published minutes of its last plenary meeting held in September, which shed light on how the EDPB plans to address the biggest open issue of the new SCCs - how importers subject to the GDPR could effect a data transfer given the new SCCs only apply to data importers who are not subject to the GDPR.
SECURITY & TECH
Ransomware attacks in UK have doubled in a year, says GCHQ boss
Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable
Schools put the brakes on facial recognition scheme for kids buying lunch
Schools in the United Kingdom have paused the rollout of facial recognition scans in cafeterias following backlash from data watchdogs and privacy advocates.
Location Data Firm Got GPS Data From Apps Even When People Opted Out
The news around location data firm Huq shows that data companies may not even really know if they've received consent to harvest information from ordinary phones.
Your browser can tell websites how to treat your data. But companies didn’t have to listen — until now
A special signal called Global Privacy Control is sending mass “do not sell” requests on consumers’ behalf.
Global Privacy and Data Protection Awards 2021: CNIL awarded for its CookieViz 2.0 software and its analyses
CookieViz is software developed by the CNIL's digital innovation laboratory. It displays the cookies stored by third-party domains when browsing the Web. Its source code is freely accessible and can be enhanced by developers.
UK NCSC: Weekly Threat Report
The NCSC's weekly threat report is drawn from recent open source reporting.
DATA BREACH
NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event
NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.
Hacker steals government ID database for Argentina's entire population
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
ENFORCEMENT
ICO warning after Scottish charity reveals personal data in email error
The Information Commissioner’s Office (ICO) is urging organisations to revisit their bulk email practices after failures by HIV Scotland led to a £10,000 fine.
NORWEGIAN DPA FINES
Ultra-Technology AS fined on foot of complaint from a private individual who was subjected to a credit assessment without any form of customer relationship or other connection to the company. [Read More]
Høylandet Municipal Council fined due to image files containing health data about people with no connection to the municipality being accessible to staff at the health clinic. [Read More]
Waxing Palace AS fined on foot of a complaint relating to CCTV monitoring of salon premises. The Data Protection Authority concluded that the enterprise did not have a legal basis for its monitoring. Additionally, it was found that the enterprise did not satisfactorily inform visitors or employees of its CCTV monitoring. [Read More]
St. Olavs Hospital fined for a lack of access management concerning folders not related to patient records. [Read More]
More on the latest GDPR enforcement news can be found on:
RESOURCES
ENISA Threat Landscape 2021
This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.
Report: Sustainability without surveillance
Tracking-based online advertising imperils fundamental rights and publisher sustainability by diverting data and revenue from publishers. It favours Big Tech and the bottom of the web at legitimate publishers' expense, and enables massive fraud and micro-targeted disinformation.
NIST: Hardware-Enabled Security and Trusted Cloud: Draft Reports Available
The National Cybersecurity Center of Excellence has released three new draft reports on hardware-enabled security and trusted cloud for public comment.
CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.