Privacy Transformation - Issue 135

PRIVACY

Data Protection Commissioner has marked Government's card with PSC outcome 

Data Protection Commissioner has marked Government's card with PSC outcome

The dropping of the Department of Social Protection’s legal challenge to the DPC may indeed represent a seismic shift in the Government’s attitude to data protection, one of the key modern concerns for most western democracies.

RELATED:

DPC welcomes resolution of proceedings relating to the Public Services Card

Department drops appeal regarding legality of Public Services Card

'We've been totally vindicated': State admits rights of Mother & Baby Home survivors were breached

'We've been totally vindicated': State admits rights of Mother & Baby Home survivors were breached

“It’s been such a battle but we’ve been totally vindicated, that’s the most important thing. This time our voices have been heard in terms of justice.”

Dixon defends data regulator from MEPs’ attack

Dixon defends data regulator from MEPs’ attack

Data protection chief Helen Dixon dismissed claims at the weekend that her organisation lobbied EU data protection authorities to ease rules for big tech companies.

RELATED:

Comment from Norwegian DPA on relationship with DPC

EDPB Statement : EDPB cooperation on the elaboration of guidelines

Third noyb "Advent Reading" from Facebook/DPC Documents

DPC needs an overhaul of funding, structure and leadership

MEPs to back new regime to rein in power and scale of US tech giants

MEPs to back new regime to rein in power and scale of US tech giants

MEPs want to halt tech giants like Google and Facebook from snapping up smaller rivals and set extra controls on targeted ads.

Human Rights Act: UK government unveils reform proposals

Human Rights Act: UK government unveils reform proposals

The UK government has launched what it says will be "common sense" reforms to the Human Rights Act that will "restore confidence" in the legal system. The proposals commit to staying within the European Convention on Human Rights, despite pressure from some Conservatives to leave the treaty.

Data Protection chiefs feared running out of space for staff after move to new HQ was delayed

Data Protection chiefs feared running out of space for staff after move to new HQ was delayed

The Data Protection Commission (DPC) warned it would be “disastrous” if its planned move to a new €1.4m-a-year rented headquarters was blocked.

SECURITY & TECH

Opening of email attachment led to HSE cyber attack, report finds

Opening of email attachment led to HSE cyber attack, report finds

The opening of a malicious Microsoft Excel file attached to a phishing email led to the cyber attack that crippled the national health service earlier this year, according to a report on the incident published on Friday.

[See Resources Section for Cyber-Attack Report]

RELATED:

Irish health cyber-attack could have been even worse, report says

HSE hackers were in health service's computer system for eight weeks before cyber attack

Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that's used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.

RELATED: National body warns organisations of serious cyber security threat

Ransomware attack on Kronos could disrupt how companies pay, manage employees for weeks

Ransomware attack on Kronos could disrupt how companies pay, manage employees for weeks

A ransomware attack has hit HR management company Kronos, disrupting how major companies process payroll and manage employees.

UK NCSC: Weekly Threat Report

UK NCSC: Weekly Threat Report

The NCSC's weekly threat report is drawn from recent open source reporting.

DATA BREACH

The new PPI? Claims firms turn their fire on data breaches

The new PPI? Claims firms turn their fire on data breaches

laims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.

ENFORCEMENT

Grindr Fined €6.5m for Selling User Data Without Explicit Consent

The penalty was issued for sharing users' special category data with third parties without their explicit consent.

Polish regulator to investigate Apple's privacy policy

Polish regulator to investigate Apple's privacy policy

Apple faces an investigation in Poland over whether its new rules on privacy and personal data processing for iOS devices violate competition law, Polish antimonopoly watchdog UOKiK said on Monday.

Tax Administration fined for discriminatory and unlawful data processing

Tax Administration fined for discriminatory and unlawful data processing

The Dutch Data Protection Authority (DPA) has imposed a €2.75 million fine on the Dutch Tax Administration. The fine was imposed because for many years the Tax Administration processed data on the (dual) nationality of childcare benefit applicants in an unlawful, discriminatory and therefore improper manner.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

GUIDANCE & OPINIONS

EDPB: Contribution to the European Commission’s evaluation of the Data Protection Law Enforcement Directive (LED) under Article 62

Contribution of the EDPB to the European Commission’s evaluation of the Data Protection Law Enforcement Directive (LED) under Article 62

RESOURCES

DPC publishes final version of Children’s “Fundamentals”

DPC publishes final version of Children’s “Fundamentals”

The Data Protection Commission (DPC) has today published the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (the Fundamentals).

HSE publishes independent report on Conti cyber

HSE publishes independent report on Conti cyber

The HSE is today publishing the report of the independent review into the ransomware cyber-attack on its IT systems which took place earlier this year.

[Read Post Incident Review]

[Read Post Incident Review Executive Summary]

EDPB response to MEP István Ujhelyi on the alleged use of the Pegasus spyware

EDPB response to MEP István Ujhelyi on the alleged use of the Pegasus spyware

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.