Dear friends,
Wishing you all a very Happy Holi (spring festival of colors) from India!
Data breaches in the health care sector have rocked Singapore in the past few months. Recently, the data of nearly 800,000 blood donors was allowed public access by a Health Sciences Authority vendor for more than two months. Globally, enterprise security is not as mature compared to other sectors but is slowly transitioning from a function of compliance to incorporating a culture of data protection. This raises other important questions that the privacy community needs to consider: Do security practices that aid privacy protection require constant reassessment in specific sectors that process sensitive personal information? Should organizations that focus on detailed technological reviews as part of privacy perform a gap assessment? Could repeated breach issues instigate regulators to act tough on organizational callousness toward data protection? Surely, it has triggered discussions.
Shocking terror attacks globally have jolted world peace into a state of disarray in the past few months. Live streaming an act of terrorism in Christchurch raised questions from all stakeholder groups. The Executive Committee of the International Conference of Data Protection and Privacy Commissioners joined New Zealand Privacy Commissioner John Edwards in expressing concern around live streaming of such acts and the need for online platforms to do more to protect the privacy and dignity of users.
The High Court of State of Karnataka in India reminded the press that covering of matrimonial court proceedings does not serve public at large but intrudes personal space of individuals, and such information should not be published or telecast. It added that the public at large has no fundamental or legal right to get any information or intrude into the personal lives of other individuals. This warrants a timely revisit of the famous “The Right to Privacy” paper by Samuel Warren and Louis Brandeis published in 1890 and widely considered the idea behind how we conceive modern privacy.
Facebook also made privacy news again when an internal investigation revealed that millions of password of users were stored in clear text. Facebook mentioned that it found "no evidence to date" on any staffer improperly accessing such passwords and will notify all impacted users. While organizations storing passwords in clear text isn’t truly a revelation for the community, could it lead to more granular regulations? Could regulators be forced to issue explicit guidelines requiring that information such as passwords that give access to other sensitive information be mandatorily encrypted across layers? Is that the direction we are heading into, given that regulations banning the use of default passwords are already here?
Thank you, friends!
Best,
Rahul