Hong Kong protesters use anti-surveillance measures to evade tracking

(Jun 17, 2019) Demonstrators in Hong Kong are using a number of methods to evade surveillance tracking during recent protests, The Washington Post reports. Protestors have deleted their Chinese phone apps and are using secure digital messaging apps, like Telegram, to plan meetups. They have also gone analog by using cash to pay for purchases, buying single-ride subway tickets instead of prepaid stored-value cards and buying pay-as-you-go SIM cards. Protestors are wearing masks to protect their identity from CC... Read More

APEC adds new US accountability agent for CBPR certifications

(Jun 14, 2019) The Asia-Pacific Economic Cooperation is set to boost the status of its Cross-Border Privacy Rules program in the U.S. APEC has announced that certification firm Schellman & Company is the newest CBPR accountability agent in the U.S. following approval from a joint oversight panel. Accountability agents work to ensure companies operating within the 21 APEC member economies have compliant privacy practices and policies in place. Schellman joins TrustArc subsidiary TRUSTe as the only U.S.-base... Read More

Telegram app accuses China of cyberattack

(Jun 14, 2019) Encrypted messaging app Telegram said it was the target of a cyberattack originating from China, The Hill reports. The attack occurred at the same time protests were taking place in Hong Kong over a bill that would extradite people to mainland China. Telegram Founder and CEO Pavel Durov said that every major distributed-denial-of-service attack it has experienced “coincided in time with protests in Hong Kong.” While service was disrupted, Durov said Telegram’s encryption was not affected during ... Read More

Notes from the Asia-Pacific region, 14 June 2019

(Jun 13, 2019) Hello, privacy pros! This week brought some enforcement actions in the region with Hong Kong’s Office of the Privacy Commissioner for Personal Data concluding its investigation in into Cathay Pacific’s October 2018 data breach, which affected the records of more than 9 million passengers. The PCPD’s report was critical of the airline’s data governance and has ordered it to appoint an independent expert to improve security, among other areas noted for improvement. Singapore’s Personal Data Prote... Read More

Data security risk forces Indian state government to put insurance scheme on hold

(Jun 13, 2019) Government officials in Kerala have halted the rollout of its new Medical Insurance Scheme for State Employees and Pensioners after discovering a major security vulnerability, HuffPost India reports. The security issue involves possible improper access to the system after the login information for the scheme’s nodal officer was distributed to all health department staff. Anyone with access to the credentials has the ability to view and change the information in the system. "As per my knowledge, ... Read More

Increased use of facial recognition in China poses privacy risks

(Jun 13, 2019) China is enjoying the benefits and simplification brought forth by the growing use of facial-recognition technology, but such booming growth also comes with privacy concerns, The Straits Times reports. As the technology evolves, it is becoming more invasive and collecting more data, leading Chinese legal analysts to believe improved legislation is necessary to regulate the growth. Acting on regulation now could be crucial as further expansion of facial-recognition tech is on the horizon. Shenzhe... Read More

Singapore PDPC hits transportation app with $16K fine over data breach

(Jun 13, 2019) Booking app Grab has been fined $16,000 by Singapore's Personal Data Protection Commission for exposing customer information in marketing emails. In December 2017, GrabCar leaked the names and mobile numbers of customers in 120,747 marketing messages. Grab said the compromise was caused by an error that occurred while compiling customer data from its databases. The PDPC fine came along with criticism of Grab's lack of safeguards that would have detected the issues that led to the breach. In a se... Read More

Sydney among cities to sign global initiative supporting digital rights

(Jun 13, 2019) ZDNet reports Sydney is one of 26 cities, and the only one in Australia, to sign the Cities Coalition for Digital Rights, which seeks to protect, promote and monitor the digital rights of residents and visitors. The initiative was started by New York City, Amsterdam and Barcelona. With looming concerns about the growth of unregulated surveillance practices in Australia, Digital Rights Watch invited more than 400 councils across the country to support the declaration. "Australians expect to be ab... Read More

The 'missing women' in data protection reporting

(Jun 13, 2019) Virtually everything we do these days is recorded digitally. Like this, share this, pay here — all these actions are stored as data, combined, analyzed and built into profiles whether we are aware of this or not. Some is data we supply, some is data collected about us, and some is data generated about us. In the midst of all this data, it can come as a surprise to learn there are gaps. A case in point is data on women, or rather, the absence of data about women. Caroline Criado-Perez in "Invisi... Read More

Global News Roundup — June 3–10, 2019

(Jun 10, 2019) In this week's Privacy Tracker global legislative roundup, take a look at the IAPP's recently released "CCPA Amendment Tracker," which helps privacy professionals keep track of the legislative activity leading up to the implementation of the California Consumer Privacy Act. Also in the U.S., New York and Maine both passed privacy laws, while University of Maine School of Law Student Hawah Ahmad, CIPP/E, offered an analysis of Nevada Senate Bill 220. Regulators in China seek requirements for comp... Read More