Privacy Transformation - Issue 45

PRIVACY

Data privacy erosions could leave a dangerous legacy

Data privacy erosions could leave a dangerous legacy

When an image circulated on Twitter last week showing colour-coded data from more than a million smart thermometers plotted to a map of the United States, it created a sensation. Areas with fever-level readings from the thermometers, highlighted in orange and red, stood out against cooler colours for normal temperatures. Fever zones closely matched many known coronavirus clusters.  Except, dramatically, in one place: Florida... [read more]

Privacy in a time of corona

Privacy in a time of corona

The current unfolding catastrophe has the rights to privacy and data protection under siege (or in lockdown, if you prefer) because, of course, all problems in the world would be solved if only we could ditch those constraints on the use of others people’s personal data.

A Closer Look at Location Data: Privacy and Pandemics

A Closer Look at Location Data: Privacy and Pandemics

In light of COVID-19, there is heightened global interest in harnessing location data held by major tech companies to track individuals affected by the virus, better understand the effectiveness of social distancing, or send alerts to individuals who might be affected based on their previous proximity to known cases.

SECURITY & TECH

Working from home risks online security and privacy – how to stay protected

Working from home risks online security and privacy – how to stay protected

Remote working can be a blessing. More time with family, less commuting, and meetings from the comfort of your living room. But as millions across the world switch to working from home due to the COVID-19 pandemic, they may be putting the security and privacy of themselves, their families and their employers at risk.

Also relavant is this weeks resource from the DPC on Protecting Personal Data When Working Remotely.

DATA BREACH

There is a Serious Lack of Corporate Responsibility During Breach Disclosures

There is a Serious Lack of Corporate Responsibility During Breach Disclosures

Security specialist Troy Hunt speaks about the difficulties often encountered in responsibly disclosing breaches to the companies whose customers they affect.

ENFORCEMENT

Norweigan DPA - Store fined after CCTV footage is circulated

Norweigan DPA - Store fined after CCTV footage is circulated

A Norweigan store has been fined €34,800 after the store manager circulated CCTV footage after recording the video on their phone.

Croatian DPA - Bank fined for refusing Data Subject Access Request

A bank refused to fulfill data subject access requests to credit documentation relating to loan repayments and other activities. Despite the DPA ordering the bank to facilitate these requests, they failed to comply. The fine has yet to be determined, but is expected to be severe, given the banks lack of cooperation.

More on the latest GDPR enforcement notices can be found on:

enforcementtracker.com

GUIDANCE

DPC - Covid 19 and Subject Access Requests

DPC - Covid 19 and Subject Access Requests

Do the timelines for responding to GDPR data subject requests still apply where an organisation is temporarily closed or capacity to handle requests is curtailed because of COVID-19?

DPC: Protecting Personal Data When Working Remotely

DPC: Protecting Personal Data When Working Remotely

Measures to control and prevent the spread of COVID-19 will involve more people working remotely than usual. These are some tips to keep personal data safe when working away from the office.

RESOURCES

Privacy International - Tracking the Global Response to COVID-19

Privacy International have launched an initiative to monitor the various technical and operational measures taken around the world to repsond to COVID-19.

ENISA - Launch cybersecurity platform: get involved and educate yourself

ENISA - Launch cybersecurity platform: get involved and educate yourself

The new whitepaper on “Cybersecurity Skills Development in the EU” focuses on the state of the cybersecurity education system and the difficulty in attracting more students to cybersecurity studies. It looks at how we can increase the number of graduates with relevant cybersecurity knowledge and skills.