Chinese law appears to have international data access implications

(Mar 28, 2017) A provision in a September 2016-released supplement to China's Criminal Procedure Law could authorize Chinese law enforcement to access and remotely "inspect" data from anywhere in the world, according to a Lawfare blog post. "Remote network inspections are helpfully defined, in Article 29, as 'investigation, discovery, and collection of electronic data from remote computer information systems related to crime through the Internet,'” the post states. Such investigations are to be held to “strict... Read More

Theft potentially compromises data of 3.7M Hong Kong voters

(Mar 28, 2017) The data of 3.7 million Hong Kong voters has been potentially compromised after a Registration and Electoral Office said two laptops were missing from a locked room in its backup voting venue, the South China Morning Post reports. The compromised information could include voters' ID card numbers, mobile phone numbers, and addresses, as well as data on the 1,200 electors who voted in favor of Carrie Lam Cheng Yuet-ngor, Hong Kong's newly elected chief executive. A spokesman from the Office of the... Read More

Roundup: EU, Israel, US and more

(Mar 27, 2017) Last week the European Parliament’s civil liberties, justice and home affairs committee narrowly voted to support a resolution declaring the EU-U.S. Privacy Shield inadequate. Israel’s Parliament passed data security regulations setting forth detailed requirements for data controllers and processors in both public and private sectors. In the U.S., the Senate voted 50-48 to overturn the Federal Communications Commission’s broadband privacy rules; Sens. Ed Markey, D-Mass., and Richard Blumenthal, ... Read More

Global News Roundup — March 20 - 27, 2017

(Mar 27, 2017) Last week the European Parliament’s civil liberties, justice and home affairs committee narrowly voted to support a resolution declaring the EU-U.S. Privacy Shield inadequate. Israel’s Parliament passed data security regulations setting forth detailed requirements for data controllers and processors in both public and private sectors. In the U.S., the Senate voted 50-48 to overturn the Federal Communications Commission’s broadband privacy rules; Sens. Ed Markey, D-Mass., and Richard Blumenthal, ... Read More

Notes from the iappANZ, 24 March 2017

(Mar 23, 2017) Three themes this week: transparency, creepiness and testing the veracity of the old Norwegian saying that the “Fish rots from the head down.” Starting with this top down problem, it has been an awkward week in Canberra. The Department for Parliamentary Services appears to have breached the Australian Privacy Principles and released personal information of former prime ministers and MPs. Apparently Julia Gillard, John Howard, and Paul Keating were among those affected. Google has been called to... Read More

Sexual violence victims removed from data collection program

(Mar 23, 2017) After criticism, the Ministry of Social Development said it will not collect the information of sexual violence victims for the first year of a new data collection scheme measuring the effectiveness of agency-funded programs, Stuff reports. New Zealand Privacy Commissioner John Edwards was reviewing this policy, the report states. While a manager from Marlborough Women's Refuge said she was pleased that the government had rethought elements of the policy, she also expressed concerns over potenti... Read More

Australian privacy commissioner to host international privacy conferences

(Mar 23, 2017) Australian Information and Privacy Commissioner Timothy Pilgrim will host the Data + Privacy Asia Pacific conference in Sydney this July. The one-day, international conference on July 12, "will feature a diverse program of international speakers and leading privacy and cybersecurity experts from the public and private sectors,” Pilgrim said. He added that the conference is expected to draw more than 300 delegates. Additionally, Pilgrim will host a two-day gathering of the Asia Pacific Privacy Au... Read More

2.2M customers leaked in potential McDonald's India breach

(Mar 23, 2017) McDonald's India, which is operated by franchisees, has encouraged users to update its McDelivery app as a "precautionary measure" after the operation discovered it was leaking the data of more than 2.2. million customers, CIO reports. The data in question includes names and both email and home addresses, among the information, but the operation said no financial data was compromised. It also did not confirm or deny a breach, the report states. Fallible, which discovered the leak, added that McD... Read More

Op-ed: Chinese government must create national standard on privacy

(Mar 21, 2017) In an op-ed for Bloomberg View, Adam Minter contends that China must start placing an increased emphasis on privacy if it wants to continue to innovate technologically and increase its companies' international presence. According to new data, arrests from stolen personal information continues to rise. However, "the good news is that a consensus is growing in China that the problem must be addressed," he writes. Solutions must come from the government, like a national standard on privacy and syst... Read More

Roundup: Japan, New Zealand, US and more

(Mar 20, 2017) The Cayman Islands are once again considering a data protection bill — an effort that has failed twice before. Japan’s Supreme Court ruled that police use of GPS devices without a warrant is illegal. New Zealand’s customs head may get new powers to share citizen data with amendments to a customs law, and Privacy Commissioner John Edwards has proposed amendments to the country’s Privacy Act 1993. Germany’s Parliament has approved amendments to the Federal Data Protection Act. And in the U.S., the... Read More