Swiss DPA yet to be contacted over Facebook's Libra project

(Jul 17, 2019) In a hearing held before the U.S. Senate Committee on Banking, Housing, and Urban Affairs, Facebook Head of Calibra David Marcus said the Swiss Federal Data Protection and Information Commissioner will be the regulator of the tech company’s Libra cryptocurrency. In response to Marcus’ statement, FDPIC Head of Communication Hugo Wyler said Facebook has yet to contact the agency. “We expect Facebook or its promoters to provide us with concrete information when the time comes,” Wyler said. “Only th... Read More

Millions affected by Bulgaria's largest data breach ever

(Jul 17, 2019) Bulgarian Finance Minister Vladislav Goranov has confirmed that millions of citizens potentially had their financial data stolen by hackers in a recent breach, Reuters reports. A self-proclaimed Russian hacker with access to the stolen data told media outlets that 110 databases that combined to hold the information of nearly 5 million Bulgarians were compromised. “To the best of my knowledge, this is the first publicly known major data breach in Bulgaria,” Bulgarian Academy of Sciences Assistant... Read More

China's privacy policy potentially stricter with proposed changes

(Jul 16, 2019) MediaPost reports there are proposed revisions to China's Personal Information Security Specification that would prohibit data collection for contractual purposes. The proposal requires prior consent for such collection to take place, and the changes reportedly make China's policy more stringent than the EU General Data Protection Regulation. "[U.S. or EU] companies doing business in China will not be able to rely on having entered into contracts with Chinese citizens to process their data," Har... Read More

Australian financial software provider endures breach following 'glitch'

(Jul 11, 2019) MYOB, an Australian financial software manufacturer, endured a system malfunction that sent 220 pay summaries to the wrong person, iTnews reports. MYOB's automated system suffered a "glitch" that resulted in instances of one worker's summary being sent to a colleague instead. "We immediately switched off all outgoing payment summary emails to ensure no further incidents occurred, worked methodically to both rectify the glitch and check the emails in the backlog to ensure no further errors," MYOB... Read More

Former UK company director fined for data breaches that helped profit 1.4M euros

(Jul 3, 2019) The U.K. Information Commissioner's Office has announced it is fining a former company director for profiting from the sale of illegally obtained personal data to solicitors. The data obtained by David Cullen and his organization was used to pursue personal injury claims, which helped Cullen accumulate a profit of approximately 1.4 million euro. "The volume of confidential personal information found in Cullen’s possession showed his blatant disregard of people’s right to privacy and our data pro... Read More

Dutch DPA: Banks cannot use financial data for targeted ads

(Jul 3, 2019) The Dutch data protection authority, the Autoriteit Persoonsgegevens, announced banks cannot use financial data for targeted advertising, DutchNews.nl reports. The guidance comes after a bank changed its privacy policy to state it will use payment information for direct marketing offers. The AP said it has decided to offer a warning to the industry after it has seen other banks conduct similar efforts. “Payment details really give a complete picture of someone’s life: where you spend your money,... Read More

Singapore insurance company fined SG$10K over breach

(Jun 27, 2019) Insurance Business Asia reports Singapore-based insurance company AIA has been fined SG$10,000 by the Personal Data Protection Commission for a recent data breach. AIA was sending out insurance plan notices to 245 customers, but a mailing error sent all the letters to just two people. The flood of letters contained the personal information of other customers. Full names, policy numbers, premium amounts and due dates of the intended recipients were all revealed in the letters. In a statement, the... Read More

OAIC hits CBA with court-enforceable undertaking after data protection shortcomings

(Jun 27, 2019) The Office of the Australian Information Commissioner is imposing a court-enforceable undertaking on the Commonwealth Bank of Australia that asks them to "substantially improve" privacy practices, ZDNet reports. The OAIC's order for improvements comes after CBA exposed the customer statements of 20 million people in May 2016. The OAIC also cited another incident of CBA mishandling data from last August when the bank was found to have inadequate internal access controls to customer data. "Our inq... Read More

NAB data architecture to feature consumer privacy rights

(Jun 27, 2019) National Australia Bank has announced it is bolstering its privacy policies and standards while updating its data architecture, iTnews reports. The bank is using the EU's "high-water benchmark" for data privacy as it goes about adding consumer privacy rights, but that point of reference comes with challenges. “The high-water benchmark is in Europe with [the EU General Data Protection Regulation]," NAB Chief Data Officer Glenda Crisp said. "Under GDPR, a person has the right to be forgotten. So w... Read More

EU banks working to boost revenue through data mining

(Jun 21, 2019) Reuters reports EU banks are trying to catch up to big tech companies in the monetization of the data they collect. JPMorgan, HSBC and Barclays are among those trying to close the gap by using tactics such as extracting and analyzing data for stock predictions, marketing partnerships and expedited credit decisions. “We are now seeing some amazing uses of data in banking, and the reason is pretty simple: they know their clients better than anyone, they have a name and address, information about w... Read More