Privacy Transformation - Issue 93

PRIVACY

DPC publishes 2020 Annual Report - 10% increase in data security breaches

DPC publishes 2020 Annual Report - 10% increase in data security breaches

The Data Protection Commission handled more than 10,000 cases last year, a 9% increase on the previous year.

6,628 valid data security breaches were notified to the commission over the period, up 10% on 2019, with unauthorised disclosures making up the vast majority.

Other Sources:

DPC Press Release

DPC Annual 2020 Report

The Journal - Over 6,600 data security breaches notified last year

Facebook pressed Irish ambassador to lobby US Congress members

Facebook pressed Irish ambassador to lobby US Congress members

Tech giant asked Daniel Mulhall to contact Friends of Ireland caucus over EU-US data transfers.

UK's Adequacy Decision Regarding EU and UK Data Sharing

UK's Adequacy Decision Regarding EU and UK Data Sharing

The European Union Commission issued draft adequacy decision for data flows between EU and UK. Whilst widely expected, this draft decision provides some assurance about the continuing free flow of data between the EU and UK although businesses should take heed of a few ongoing regulatory issues.

Draft Adequacy Decision available here.

Data Protection Commissioner: Transfer of Mother and Baby Homes records to Dept could be 'high risk'

Data Protection Commissioner: Transfer of Mother and Baby Homes records to Dept could be 'high risk'

The Data Protection Commissioner has warned that the Department of Children’s lack of expertise about the Mother and Baby Homes Commission’s archive could be a “high risk” when records are transferred to the government department once the commission is wound down.

Schrems II: How to protect against liability when using non-EEA vendors

Schrems II: How to protect against liability when using non-EEA vendors

This post looks at how companies can protect against liability when using non-EEA/equivalency country vendors.

VACCINE PASPORTS

Vaccine passports are an increasingly hot topic in data protection. In thisopinion piece, Eduardo Ustaran puts forward a case for how data protection can facilitate vaccine passports. With a contrary opinion, Jaap-Henk Hoepman illustrates why he considers such passports to be an 'utter waste of time and effort'.

SECURITY & TECH

UK NCSC - Weekly Threat Report 19th February 2021

UK NCSC - Weekly Threat Report 19th February 2021

The NCSC's weekly threat report is drawn from recent open source reporting.

‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security

‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security

Whistleblowers say they were forced out after flagging problems with e-commerce giant’s data security and compliance.

Irish data regulator stopped Facebook from introducing a suicide and self-harm alert service

Irish data regulator stopped Facebook from introducing a suicide and self-harm alert service

Ireland's Data Protection Commissioner (DPC) Helen Dixon stopped Facebook from introducing a new feature that would have seen the social platform contact health authorities if evidence of self-injury or suicidal ideation was seen in Facebook users’ accounts.

Microsoft wraps up SolarWinds investigation, says some code was stolen

Microsoft wraps up SolarWinds investigation, says some code was stolen

Investigation into the SolarWinds hack is now closed, but Microsoft's battle against cybersecurity threats continues.

WhatsApp to go ahead with changes despite backlash

WhatsApp to go ahead with changes despite backlash

The messaging app is making a second attempt to convince users to accept its new privacy policy.

Clubhouse confirms data spillage of its audio streams

Clubhouse confirms data spillage of its audio streams

A user has been banned for streaming audio from multiple Clubhouse chatrooms onto their website.

DATA BREACH

Thousands Of People Have Highly Personal Details Exposed In COVID-19 Vaccine Data Breach

Thousands Of People Have Highly Personal Details Exposed In COVID-19 Vaccine Data Breach

Thousands of people who have received the COVID-19 vaccine have had highly personal details exposed in a data breach, it can been revealed.

ENFORCEMENT

Spanish Data Protection Authority imposes fine of 6M EUR

Spanish Data Protection Authority imposes fine of 6M EUR

The Spanish Data Protection Authority (AEPD) imposed a total fine of 6M EUR on CAIXABANK, S.A., for unlawfully processing clients’ personal data (4M EUR) and not providing sufficient information regarding the processing of personal data (2M EUR).

Norwegian DPA issues fine to company performing credit rating without legal basis

The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 for having performed a credit rating on a private individual without legal basis.

More on the latest GDPR enforcement news can be found on:

enforcementtracker.com

RESOURCES

Data Protection Commission 2020 Annual Report

Data Protection Commission 2020 Annual Report

Commissioner for Data Protection in Ireland, Helen Dixon, published the Irish Data Protection Commission’s Annual Report for 2020.

EDPS Podcast: Final Episode - Democratic Societies In the Digital Age

EDPS Podcast: Final Episode - Democratic Societies In the Digital Age

Technology is constantly evolving and every second it passes its evolving even faster and their impact on our societies is getting greater. That is why on this third and last episode of the podcast series "Democratic Societies in the Digital Age", organized by the EDPS and EDPB trainees, we look at "Emerging Technologies and Future Challenges".

One Way Tables - protecting data in relational databases

One Way Tables - protecting data in relational databases

One of the potential downsides of relational data is the ease at which data can be related in both directions. A simple search of the table below will reveal no only if a known customer has COVID but a list of all COVID positive customers.

CONTRIBUTE

Have an interesting article, book, video, podcast or other data protection or privacy resource that you would like to share with fellow privacy practitioners? Feel free to drop me a note.