US lawmakers seek to curb warrantless device searches at the border

(May 24, 2019) U.S. Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., introduced the Protecting Data at the Border Act, which would require federal agents to obtain a warrant before searching the personal devices of U.S. residents crossing the border, Nextgov reports. Rep. Ted Lieu, D-Calif., introduced a companion bill in the House of Representatives. Currently, Customs and Border Protection can search devices without a warrant or probable cause. If the legislation is enacted, agents would have to obtain “a vali... Read More

NPC investigating 48 lending companies

(May 23, 2019) The National Privacy Commission is investigating 48 lending companies after receiving 485 complaints of harassment, the Manila Bulletin reports. Borrowers allege they were publicly shamed when the lenders notified their contacts regarding unpaid loans. The companies, which are not publicly identified, are charged with inappropriate use of the borrower’s information, as well as sharing financial information with other people. If found responsible, the lenders may face a temporary or even permanen... Read More

Australian man wins landmark privacy case against employer

(May 23, 2019) Jeremy Lee from Queensland, Australia, won a landmark case against his employer after he was fired for refusing to use his fingerprint to clock in and out of work. He sued for unfair dismissal and claimed his right to deny consent to the use of his biometric data was protected under the country’s Privacy Act. The court overruled an earlier decision that the company’s fingerprinting policy was reasonable. The upper court ruled that Lee is the owner of his biometric data and the dismissal was unfa... Read More

Messages show 42K Irish Facebook accounts were hacked in 2018 breach

(May 23, 2019) reports emails exchanged between Irish Communications Minister Richard Bruton and Facebook following a breach of the social network last September have revealed that more than 42,000 Irish accounts were compromised. After initially reporting 10% of the breach involved Irish users, Facebook reported to Bruton that the original estimate was wrong but did not make the final numbers public. Hackers had access to contact information of more than 20,000 Irish accounts, while some of thos... Read More

Bipartisan lawmakers say time to hit 'pause' on facial-recognition tech

(May 23, 2019) At a hearing in front of the U.S. House Committee on Oversight and Government Reform, advocates and academics strongly urged lawmakers to immediately act to rectify what they called a dangerous problem for U.S. citizens: the use of facial-recognition technology by both law enforcement agencies and private corporations. Lawmakers on both sides of the aisle indicated support for a ban or moratorium on facial-recognition technology until laws can be enacted to regulate its use and the software itse... Read More

Company says its AI can determine whether online user is a child

(May 23, 2019) SuperAwesome, a company that aims to develop safer internet products for children, tells NBC News that it has been testing artificial intelligence on more than 300 indicators that can determine if a child is browsing a website. If the system identifies the user as a child, the company can trigger additional privacy controls that prevent the collection of browser information and personal data. These additional controls eliminate the need for a checkbox to verify age and allows the site to remain ... Read More

Singapore updates guidelines for data breach notifications

(May 22, 2019) ZDNet reports Singapore is making changes to its data breach notification guidelines as part of the upcoming amendment to its Personal Data Protection Act. The updates call for organizations to complete data breach investigations within 30 days of its discovery and then take no more than 72 hours to report the incident to the Personal Data Protection Commission following its examination. The changes, which will be reviewed and updated when necessary, also call for businesses to report breaches t... Read More

Millions of personal data records exposed

(May 22, 2019) Millions of records from the Game Golf app, including “134 million rounds of golf, 4.9 million user notifications and 19.2 million records in a folder called ‘activity feed,’” were exposed on an unprotected server, Security Discovery Senior Security Researcher Jeremiah Fowler told Threatpost. The app analyzes players while they’re on the golf course, offers tips and has chat capability. Compromised information included profile data, such as usernames, passwords and emails, in addition to Faceboo... Read More

Trump administration considers 'blacklisting' Chinese surveillance company

(May 22, 2019) The New York Times reports the Trump administration is considering placing limits on Hikvision, one of the world’s largest surveillance firms, from buying American technology. This would place Hikvision on a U.S. blacklist. Hikvision products track people around the country using facial recognition and body characteristics. Officials also use the technology to monitor unusual activity, such as crowds. If finalized, American companies would need government approval before selling components to Hi... Read More

Open database exposes information of 49M Instagram users

(May 21, 2019) TechCrunch reports more than 49 million Instagram accounts belonging to influencers, celebrities and brands were breached due to an open database owned by Mumbai-based social media firm Chtrbox. The data scraping mostly involved account features and details, such as profile pictures, biographies and number of followers, but user email addresses and phone numbers were exposed, as well. “We’re looking into the issue to understand if the data described — including email and phone numbers — was from... Read More