Privacy Transformation - Issue 260

Curated privacy, security & tech news, insights & resources with a focus on Irish and EU developments.


PRIVACY & SECURITY

đź’ˇ Insights: The American Privacy Rights Act's definition of covered data

In combing through a proposed or draft bill, privacy professionals naturally orient themselves by seeking out defined terms, scanning for the foundational and consequential definition of "personal data." Within the discussion draft of the latest effort to enact a national comprehensive privacy law, the American Privacy Rights Act, such a search comes up empty.

Senior HSE cybersecurity roles still not filled three years after major ransomware attack

Senior cybersecurity posts have still not been permanently filled by the HSE three years after a major ransomware attack on the health service IT infrastructure that caused lengthy delays in patient treatment and compromised the personal data of 100,000 staff and patients.

Unions seek privacy probes over Amazon’s work surveillance systems

Trade unions from 11 different European countries have written to data protection authorities across the bloc asking them to investigate Amazon’s data surveillance practices. The tech giant previously received a data protection fine in France last year for monitoring employee activity.


DATA BREACH

Dell discloses data breach of customers’ physical addresses

Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers’ names and physical addresses.

European Parliament’s recruitment application compromised in data breach

The European Parliament have sent an internal notification to its staff about a data breach in the application PEOPLE, used for the recruitment of the institution’s non-permanent staff.

HSE discovers covert recording device in Sligo healthcare facility

A covert recording device was discovered at a healthcare facility in Sligo by Health Service Executive (HSE) staff last year. The incident was one of 615 data breaches in which personal or medical information relating to patients and other individuals was inadvertently exposed to third parties during 2023.


ENFORCEMENT

Finnish DPA: Administrative fine of €856K for failing to define storage period of customer data

The Finnish Supervisory Authority investigated the activities of the online retailer Verkkokauppa.com due to a complaint filed by a customer. The controller had not specified the storage period of the data collected for the customer accounts of its online shop. An administrative fine of EUR 856,000 was imposed for failing to define storage period of customer account data & the controller was ordered to specify an appropriate storage period for customer account data and rectify its practice of mandatory registration.


RESOURCES

đź“• ENISA: Foresight Cybersecurity Threats For 2030 - Update 2024: Extended report

This is the second iteration of the “ENISA Foresight Cybersecurity Threats for 2030” study that represents a comprehensive analysis and assessment of emerging cybersecurity threats projected for the year 2030. The report reassesses the previously identified top ten threats and respective trends whilst exploring the developments over the course of a year.


CONTRIBUTE
Have an interesting article, book, video, podcast or other resource that you would like to share with your fellow privacy practitioners? Please do drop me a note!