Privacy Transformation - Issue 176

PRIVACY

US expected to publish Privacy Shield executive order next week

The White House is expected to publish its long-awaited executive order on transatlantic data transfers next week, according to three officials with knowledge of the matter. The order is designed to address European concerns over surveillance practices in the United States and may be signed by President Joe Biden and then published as early as October 3, one of the officials said.

MEPs call for independent review of Irish DPC after Dublin visit

MEP Maite Pagazaurtundúa said the delegation was concerned that Ireland’s data protection authority is ‘a bottleneck’ of GDPR enforcement.

Instagram launches High Court appeal against record €405 million fine

The fine was issued following an investigation into the way Instagram handled teenagers’ personal data.

SECURITY & TECH

LockBit ransomware builder leaked online by “angry developer”

The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.

Ransomware data theft tool may show a shift in extortion tactics

Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future.

AI Is Probably Using Your Images and It's Not Easy to Opt Out

In one stark example of how sensitive images can end up powering these AI tools, a user found a medical image in the LAION dataset, which was used to train Stable Diffusion and Google’s Imagen.

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches

Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.

DATA BREACH

Massive Australian data hack prompts privacy laws overhaul

After a massive data breach in which the personal information of up to 9.8 million users of the Optus telecom company was stolen, the Australian government has said it will overhaul privacy laws to require that affected companies notify banks.

RELATED: Optus, Australia’s second largest telco, says customer data exposed in data breach

Revolut hack exposes personal data of tens of thousands of users

Revolut said 0.16pc of its global customers were affected by a data breach that was detected and contained ‘within hours’.

UK NCSC: Weekly Threat Report

The NCSC's threat report is drawn from recent open source reporting.

ENFORCEMENT

ICO: Action taken against SEVEN organisations who failed in their duty to respond to information access requests

The Information Commissioner’s Office (ICO) has taken action against seven organisations who have failed to respond to the public when asked for personal information held about them, known as a Subject Access Request (SAR). A SAR must be responded to within one to three months.

Morgan Stanley fined $35m after hard drives sold with customer info still on them

Morgan Stanley Smith Barney has agreed to pay a paltry $35 million penalty after customers' sensitive records were left unencrypted on unwiped hard drives that were auctioned off after decommissioning.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

DPC Decision: Allianz plc - June 2022

This decision arose from an own-volition inquiry commenced by the DPC pursuant to section 110 of the Data Protection Act 2018 to consider whether Allianz had complied with the GDPR in relation to its processing operations.

CONTRIBUTE

Have an interesting article, book, video, podcast or other resource that you would like to share with fellow privacy practitioners? Please do drop me a note.