Privacy Transformation - Issue 128

PRIVACY

Government to beef up data protection regime

The Government is considering a significant change to the Data Protection regime here by appointing additional commissioners amid controversy over how the current DPC Helen Dixon’s office is responding to the volume and pace of privacy complaints, including against tech giants like Facebook.

RELATED: Privacy experts urge Government to appoint more data protection commissioners

Employers can’t ask workers about their vaccination status

Employers cannot force workers to produce Covid certs as a staggered return to the office stretches ahead over the coming months.

ICO: Joint statement on global privacy expectations of Video Teleconferencing companies

Final observations have been published on foot of the conclusion of an engagement by a number of privacy authorities with the five biggest video teleconferencing companies (Microsoft, Google, Cisco and Zoom). [Read final observations here]

Opinion: EDPB to Provide Clarification on Transfers to Importers Subject to the GDPR

The European Data Protection Board recently published the minutes of its last plenary meeting, held in September, which shed light on how the EDPB plans to address the biggest open issue of the new SCCs - how importers subject to the GDPR could effect a data transfer, given that the new SCCs only apply to data importers who are not subject to the GDPR.

SECURITY & TECH

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable

Schools put the brakes on facial recognition scheme for kids buying lunch

Schools in the United Kingdom have paused the rollout of facial recognition scans in cafeterias following backlash from data watchdogs and privacy advocates.

Location Data Firm Got GPS Data From Apps Even When People Opted Out

The news around location data firm Huq shows that data companies may not even really know if they've received consent to harvest information from ordinary phones.

Your browser can tell websites how to treat your data. But companies didn’t have to listen — until now

A special signal called Global Privacy Control is sending mass “do not sell” requests on consumers’ behalf.

Global Privacy and Data Protection Awards 2021: CNIL awarded for its CookieViz 2.0 software and its analyses

CookieViz is software developed by the CNIL's digital innovation laboratory. It displays the cookies stored by third-party domains when browsing the Web. Its source code is freely accessible and can be enhanced by developers.

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.

Hacker steals government ID database for Argentina's entire population

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

ENFORCEMENT

ICO warning after Scottish charity reveals personal data in email error

The Information Commissioner’s Office (ICO) is urging organisations to revisit their bulk email practices after failures by HIV Scotland led to a £10,000 fine.

NORWEGIAN DPA FINES

Ultra-Technology AS fined on foot of complaint from a private individual who was subjected to a credit assessment without any form of customer relationship or other connection to the company. [Read More]

Høylandet Municipal Council fined due to image files containing health data about people with no connection to the municipality being accessible to staff at the health clinic. [Read More]

Waxing Palace AS fined on foot of a complaint relating to CCTV monitoring of salon premises, the Data Protection Authority concluded that the enterprise did not have a legal basis for its monitoring. Additionally, it was found that the enterprise did not satisfactorily inform visitors or employees of its CCTV monitoring. [Read More]

St. Olavs Hospital fined for a lack of access management concerning folders not related to patient records. [Read More]

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

ENISA Threat Landscape 2021

This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.

Report: Sustainability without surveillance

Tracking-based online advertising imperils fundamental rights and publisher sustainability by diverting data and revenue from publishers. It favours Big Tech and the bottom of the web at legitimate publishers' expense, and enables massive fraud and micro-targeted disinformation.

NIST: Hardware-Enabled Security and Trusted Cloud: Draft Reports Available

The National Cybersecurity Center of Excellence has released three new draft reports on hardware-enabled security and trusted cloud for public comment.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.