Command Control cybersecurity summit comes to Munich March 3–4

(Dec 13, 2019) Command Control, Europe's cybersecurity summit, will be held March 3 and 4, 2020, in Munich, Germany. The summit will feature discussions on a variety of cybersecurity topics, including global trends and new regulations, while offering information for companies on global, company-specific and individual scales. More than 50 speakers, including Cambridge Analytica whistleblower Brittany Emperor, will be on hand for presentations and discussions. (Original article is in German.)Full Story... Read More

Pager systems across Canada may be sending unencrypted patient info

(Dec 13, 2019) The privacy researcher who discovered the paging system used by Vancouver Coastal Health Authority broadcasted sensitive patient information without encryption believes it is an issue across the country, CTVNews.ca reports. “I wouldn’t be surprised to find this everywhere in Canada,” Jamie Lewis said. The Office of the Information and Privacy Commissioner for British Columbia began an investigation into the breach. In an email sent to authorities across the province, the agency said similar occu... Read More

Desjardins CEO: Employee behind breach had access to credit card data of 1.8M people

(Dec 13, 2019) Desjardins CEO Guy Cormier said the employee behind its data breach that affected the personal data of 4.2 million members also had access to the credit card data of 1.8 million people, The Canadian Press reports. "I want to be clear: nothing tells us that this data has been stolen," Cormier said. "It is only preventive that Desjardins wants to warn people." Cormier added the credit card customers will receive the same protections offered to the Desjardins members affected by the breach.Full Sto... Read More

Pharmaceutical companies acquire NHS patient data

(Dec 12, 2019) The Guardian reports the U.K. Department of Health and Social Care has struck deals to send National Health Service patient data to several pharmaceutical companies for research purposes. The companies paid up to 330,000 GBP to acquire the anonymized data. Privacy advocates have argued the deals lack transparency on what data is being transferred. "Patients should know how their data is used. There should be no surprises. While legitimate research for public health benefit is to be encouraged, i... Read More

NSW Supreme Court approves privacy settlement

(Dec 12, 2019) Australasian Lawyer reports the Supreme Court of New South Wales has accepted a $275,000 settlement in a privacy class-action suit regarding a NSW Ambulance Service data breach. The case involved an Ambulance Service contractor accessing and selling the personal compensation information of 130 employees, including lead plaintiff Tracy Evans. "You can’t put [a] price on what has been learned and gained by engagement in the process of challenging this privacy breach," Evans said. "We need to be su... Read More

NZ privacy commissioner publishes annual report

(Dec 12, 2019) The Office of the Privacy Commissioner released its annual report on New Zealand's privacy efforts in 2019. Privacy Commissioner John Edwards wrote about the peaks and valleys the country saw as it relates to privacy while breaking down the office's activities and overall performance. Notably, Edwards discussed the continued progress on a new privacy bill. "The new legislation will be the most substantial change in New Zealand privacy regulation for more than 25 years and there will be considera... Read More

Australia to review Privacy Act with eye toward 2020 amendments

(Dec 12, 2019) The Sydney Morning Herald reports the Australian government plans to review the Privacy Act for reform, but updates aren't likely to occur until sometime next year. The review comes after the government previously announced its intentions to amend the country's privacy legislation last March. To shape potential reform, the government is planning consultations on the definition of personal information, increasing online platforms' obligations to notify users about data collection, requiring platf... Read More

Maryland's driver surveillance brings privacy concerns

(Dec 12, 2019) Surveillance practices used to track Maryland drivers and traffic are drawing the attention of privacy advocates, The Washington Post reports. The state uses three forms of traffic data collection, each of which collects different forms of driving data, including some personally identifiable information, with varying data retention limits. "I don’t think it’s really an issue of whether you have privacy in a particular moment in time," Electronic Frontier Foundation Senior Investigative Researche... Read More

ENISA publishes report on pseudonymization

(Dec 11, 2019) The European Union Agency for Cybersecurity has released "Pseudonymisation Techniques and Best Practices," a report that explores how to shape technology in accordance with data protection and privacy provisions. The report discusses how data protection, utility, scalability and recovery each carry potential influence on implementing pseudonymization techniques. Specific case use, including IP addresses, email addresses and complex datasets, are explored, as well. "One of the main outcomes of th... Read More

German DPA fines telecom 9.55M euros for GDPR violation

(Dec 10, 2019) Germany's Federal Commissioner for Data Protection and Freedom of Information, the BfDI, announced telecommunications provider 1 & 1 Telecom has been fined 9.55 million euros for violations of the EU General Data Protection Regulation. The BfDI found 1 & 1's data security measures to prevent unauthorized access to customer information were not in line with the GDPR. In response to the decision, 1 & 1 announced plans to sue the DPA and characterized the fine as "absolutely disproporti... Read More