KISA publishes IoT guidelines

(Feb 20, 2020) The Korea Internet & Security Agency has published a set of guidelines for data that is processed through internet-of-things devices. The guidelines recommend privacy-by-design principles to manufacturers as they create IoT devices. They also include 10 tips for when data is processed, including ensuring only necessary personal data is used for the service, adhering to all compliance requirements and being transparent when sharing data with third parties. (Original article is in Korean.)

Schrems' group files GDPR complaint against Amazon

(Feb 20, 2020) Advocacy group NOYB, started by Austrian privacy activist Max Schrems, has filed a complaint against Amazon to Germany's Hessian Supervisory Authority over violations of the EU General Data Protection Regulation. NOYB claims the absence of basic encryption on Amazon's email servers breaks GDPR security rules. The complaint could be sent to Luxembourg's National Commission for Data Protection, which is Amazon's EU data protection authority.

Op-ed: India's encryption battle a preview for global fight

(Feb 14, 2020) In "The Interface" op-ed series for The Verge, Silicon Valley Editor Casey Newton writes about the developing encryption battle currently taking place in India and how it may have a trickle-down effect across the globe. Newton explains the Indian government is on the verge of banning encryption with rules that "would force tech platforms to cooperate continuously with government requests." Newton adds, "Threats to privacy are multiplying faster than tech or society can deal with them. In such a ...

CIA read foreign government's encrypted communications

(Feb 13, 2020) Crypto AG, a Swiss firm that was believed to have kept its clients' government communications secret for more than half a century, was secretly owned by the U.S. Central Intelligence Agency in a partnership with West German intelligence, The Washington Post reports. The agencies rigged the company’s devices to break the codes that its clients — including Iran, India and Pakistan — used to send encrypted messages. “It was the intelligence coup of the century,” a classified CIA history of the oper...

1.26M Danish citizens have ID numbers exposed

(Feb 11, 2020) ZDNet reports a five-year software error allowed open access to the identification numbers of 1.26 million Danish citizens. A bug inserted onto the login for the Danish tax administration's official self-service portal helped collect citizens' identification numbers. The Danish Agency for Development and Simplification, which discovered the error during an audit, said there was no danger for potential cases of fraud, adding the data "most likely" was only collected by a pair of analytics compani...

DOJ charges Chinese hackers for 2017 Equifax breach

(Feb 10, 2020) The U.S. Department of Justice has announced four members of the Chinese People’s Liberation Army have been charged in relation to the 2017 Equifax data breach. The charges include computer fraud, economic espionage and wire fraud related to their unauthorized access to the Equifax database containing the personal information of at least 145 million Americans. "This was a deliberate and sweeping intrusion into the private information of the American people," U.S. Attorney General William Barr sa...

App leaks information on 6.45M Israeli voters

(Feb 10, 2020) A system error on the election-management app Elector has exposed the entire Israeli voter registry, which contains the personal information of more than 6.45 million Israeli citizens, Haaretz reports. The Likud Party uploaded the registry to Elector, which its parent company, Feed-b, said experienced a "one-off incident that was immediately dealt with." The registry contained the full names, identity card numbers and addresses of all voters.

OCIE releases cybersecurity, resiliency observations

(Feb 7, 2020) The U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examinations published its conclusions from an examination of market participants' cybersecurity and operational resiliency tactics. The observations highlight specific practices organizations use to safeguard and respond to events in five areas, including governance and risk management, access rights and controls, and data loss prevention. “We felt it was critical to share these observations in order to allow org...

Research: Insider breaches cost $11.45M annually

(Feb 7, 2020) A Proofpoint cybersecurity study has revealed organizations across the globe spend $11.45 million per year on average in remediation costs related to insider data breaches. The study, commissioned by the Ponemon Institute and co-sponsored by IBM, included responses from nearly 1,000 IT and security practitioners from North America, Europe, the Middle East, Africa and the Asia-Pacific region. The remediation costs are up 31% from 2018, and more than 60% of respondents said incidents were the ...

Navigating the IAPP's 'CCPA Rights and Obligations Tool'

(Feb 6, 2020) The Westin Research Center released a tool to help IAPP members understand the California Consumer Privacy Act. The “CCPA Rights and Obligations Tool” organizes the act’s consumer rights and business obligations around the different phases of interaction with a consumer described in the act and is intended to help privacy professionals navigate the network of consumer rights, business obligations that flow from those rights, and independent obligations placed on a business that comprise the CCPA...