Category Archives for "Security"

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

How Law Enforcement Gets Around Your Smartphone’s Encryption

New research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption.

Full article: How Law Enforcement Gets Around Your Smartphone’s Encryption | WIRED

India just had the Biggest Medical Records Breach Ever

In a data breach unprecedented in its scale in India, a large multi-speciality private hospital in Kerala had its complete patient records from the last five years—involving hundreds of thousands of test results, scans, prescriptions, etc.—leaked on the internet, all of it searchable by a unique patient ID.

This breach potentially involved several gigabytes of patient data—if not terabytes—documented in many hundreds of thousands of separate files. Most of these medical records included patient names, email addresses and/or phone numbers.

It remains unclear how many weeks or months (or years) these records remained in the public domain.

Source: Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever | ORF

BA facing potential ‘£800m’ lawsuit over data breach

British Airways (BA) is potentially facing the largest privacy class-action lawsuit in UK history over its mass customer data breach that affected 400,000 people, according to a law firm involved.

More than 16,000 people are now understood to have joined a case seeking compensation from the airline over the 2018 incident. PGMBM, the law firm representing the claimants, says each claimant could claim £2,000, bringing the total to more than £800m.

Source: BA facing potential ‘£800m’ lawsuit over data breach

WhatsApp, Signal, Telegram and iMessage: Choosing a Private Encrypted Chat App

Two apps—Signal and Telegram—are currently the No. 1 and No. 2 free app downloads in Apple’s App Store and Google’s Play Store. Millions of users flocked to the chat apps in recent weeks, according to data from Apptopia and Sensor Tower. There are a few factors behind the surge.

One is concern over a privacy-policy update for the Facebook Inc.-owned WhatsApp. (After the initial publication of this article, the company delayed the policy update until May 15.) Meanwhile, the deplatforming of President Trump from prominent social networks following the U.S. Capitol riot has driven people to seek communication tools without moderators and external visibility.

Source: WhatsApp, Signal, Telegram and iMessage: Choosing a Private Encrypted Chat App – WSJ

Google Smart Speakers Offer Guest Mode for Privacy

Google smart speakers are getting a new setting that will allow consumers to significantly boost the privacy of their devices using voice commands, instead of having to sort through menus on the Home app.

The new setting, called Guest Mode, limits the device’s ability to collect data about users’ interactions with Google Assistant on the speaker, while retaining most of the popular functionality, including the option to field questions, play music, set timers, and control smart home devices.

Source: Google Smart Speakers Offer Guest Mode for Privacy – Consumer Reports

Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses

Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues.

While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.

Source: Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses | TechCrunch

Vaccine passports: what are they and do they pose a danger to privacy?

Vaccine passports, which would allow people with immunity to Covid to prove they were at low risk of spreading the disease, are being investigated by companies and countries around the world. But the proposals have also raised fears among critics that they could underpin an oppressive digital ID system, and put sensitive medical records in the hands of authorities and employers.

Despite the name, a vaccine passport is not a piece of paper; instead, in the most developed versions of the idea, it is an app or similar system that can prove the bearer has been vaccinated, tested positive for Covid antibodies, or recently received a negative test. There would be no need to build and operate a privacy-violating centralised database.

Source: Vaccine passports: what are they and do they pose a danger to privacy? | Society | The Guardian

German police take down ‘world’s largest darknet marketplace’

A German-led police sting has taken down the “world’s largest” darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware.

At the time of its closure, DarkMarket had nearly 500,000 users and more than 2,400 vendors worldwide, as the coronavirus pandemic leads much of the street trade in narcotics to go online.

Source: German police take down ‘world’s largest darknet marketplace’

Facebook’s EU-US data transfers face their final countdown

Ireland’s Data Protection Commission (DPC) has agreed to swiftly finalize a long-standing complaint against Facebook’s international data transfers which could force the tech giant to suspend data flows from the European Union to the US within a matter of months.

The DPC has made the commitment to a swift resolution of Schrems’ complaint now in order to settle a judicial review of its processes which noyb, his privacy campaign group, filed last year in response to its decision to pause his complaint and opt to open a new case procedure.

Source: Facebook’s EU-US data transfers face their final countdown | TechCrunch
