fbpx

Download free GDPR compliance checklist!

Tag Archives for " sensitive data "

Human error reveals personal data of 18,000 Welsh Covid-19 sufferers

Public Health Wales yesterday announced a data breach involving the personally identifiable data of 18,105 people resident in Wales who had received a positive test for Covid-19.

In a statement, the health body attributed the incident to “individual human error”, whereby the data was mistakenly uploaded to a public server on 30 August, remaining searchable for 20 hours before its removal on the morning of 31 August.

Source: Human error reveals personal data of 18,000 Welsh Covid-19 sufferers

Popular fertility app Premom shared data without user consent

The popular fertility app Premom asks users to upload details about their sexual health to receive personalized, remote analysis to help predict how to get pregnant.

But Premom’s app for Android was also collecting a broad swath of data about its users and sharing it without their permission with three Chinese companies focused on advertising.

While many apps use third parties to collect analytics or target ads, IDAC researchers say Premom users had no way of opting out of this tracking by both the app and the third parties that received their data, which IDAC contends was a violation of Google’s rules.

Source: Popular fertility app Premom shared data without user consent, researchers say – The Washington Post

Cyprus DPA banns automated scoring of employee sick leaves

The Commissioner for Personal Data Protection (Cypriot SA) banned the processing and fined LGS Handling Ltd, Louis Travel Ltd and Louis Aviation Ltd (Louis Group of Companies) for a total amount of EUR 82,000.00, concerning the lack of legal basis of “Bradford Factor” tool, which was used to score sick leaves of employees.

The reasoning behind Bradford’s Factor automated system for scoring employees’ sick leave was that short, frequent, and unplanned absences lead to a higher disorganising of the company rather than longer absences.

Source: The Cypriot Supervisory Authority banned the processing of an automated tool, used for scoring sick leaves of employees, known as the “Bradford Factor’’ and subsequently fined the controller | European Data Protection Board

ICO concerned by mass health data-sharing with advertisers

The UK’s data regulator has expressed deep concerns over reports that some of the most popular health websites are sharing sensitive data with advertisers across the world.

The majority of prominent health websites embed tracking cookies in users’ browsers without explicit consent to allow third-party companies to track them while surfing the internet.

This data is then transmitted to a swathe of advertising platforms including Amazon and Facebook, with the majority of data sent to Google’s DoubleClick targeted ad platform. This includes information like medical symptoms, diagnoses, drug names and fertility information.

Source: ICO concerned by mass health data-sharing with advertisers | IT PRO

Lawmakers want to question Facebook about the privacy of groups

Lawmakers are looking to question Facebook about its privacy practices after allegations that the service revealed sensitive health information in groups.

Facebook has removed the ability to harvest that information, but it has denied that there was ever a security loophole, and has pointed to the option to create less discoverable “secret” groups. However, despite the change, personal information might be still too accessible by people within sensitive groups.

Source: Lawmakers want to question Facebook about the privacy of groups – The Verge

Businesses overconfident on how much consumers trust them to handle sensitive data

As cybersecurity concerns rise, a new report from CA Technologies reveals a disconnect between consumers and professionals when it comes to security.

Source: Businesses overconfident on how much consumers trust them to handle sensitive data – TechRepublic

Cypriot woman wins over state to hide religious record

Elena Milioti has become the first Cypriot citizen to remove her religious creed from state records. She disputed that this information was far too personal to be found on the state record and had it removed after a rigorous procedure.

Source: Cypriot woman wins over state to hide religious record | Neos Kosmos

Argentina court decision clarifies the concept of sensitive data

The Federal Court of Appeals on Civil and Commercial Matters has expanded the country’s already robust data protections by ruling that the context in which data is gathered and processed matters when determining if it should be considered sensitive data.

Read more: Argentina court decision clarifies the concept of sensitive data

The Guardian view on Grindr and data protection: don’t trade our privacy

The idea that people’s HIV status and physical location should be used by advertisers is unsurprising in the tech world and horrifying outside it. Outrage at this is justified.

Whether the users were at fault for excessive trust, or lack of imagination, or even whether they were at fault at all for submitting information that would let their potential partners make a better informed choice, as liberal ethics would demand, the next thing to scrutinise is the role of the company itself.

Source: The Guardian view on Grindr and data protection: don’t trade our privacy | Editorial | Opinion | The Guardian

Putting patient data on phones introduces new privacy and security concerns

The recent push from both Apple and the CMS to give patients more control of their own health data stands to boost patient engagement, which most in the industry consider a good thing. But moving data outside of the relatively safe confines of an electronic health record adds another layer of risk and vulnerability.

As more parties gain access to the data, more avenues for breaches open up, potentially jeopardizing not just information security but also patient privacy. Bad actors can now target not only EHR systems but also patients’ phones, where health data reside.

Source: Putting patient data on phones introduces new privacy and security concerns – Modern Healthcare

>