Colonial Pipeline: Attack Exposed Personal Data

Data Breach Today

Company Says Employees' Personal Data Compromised The ransomware attack that targeted Colonial Pipeline Co. in May compromised the personal information of more than 5,800 individuals, mainly current and former employees, according to a breach notification letter

Thailand’s Personal Data Protection Act Enters into Force

Hunton Privacy

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

COVID-19 Vaccine Documents, Personal Data Leaked

Data Breach Today

Information Stolen From European Medicines Agency Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet

Feds Seize Domains Dealing Stolen Personal Data

Dark Reading

and two related domains let users search data stolen in more than 10,000 different breaches

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

India: Government withdraws long-awaited Personal Data Protection Bill

DLA Piper Privacy Matters

On 3 August, the Indian Central Government withdrew the Personal Data Protection Bill, 2019 ( PDP Bill ).

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

Working with personal data in today’s cyber threat landscape is inherently risky. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. Setting up security contours for certain types of personal data can be useful for: •Nullifying threats and risks applicable to general infrastructural components and their environment. Randomizing data.

Over-Retention of Personal Data

Data Protection Report

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. (e)

Database May Have Exposed Instagram Personal Data

Data Breach Today

Email Addresses, Phone Numbers for 49 Million People Potentially Exposed There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company.

Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data


Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices. IoT Privacy Vulnerabilities amazon Amazon Alexa Data Privacy flaw personal data vulnerability

Recovering from a Cyber Attack

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

If your organization stores data and is connected to the Internet, it is not a matter of “if” a cyber-security incident will happen; but rather, “when” this will occur. Organizations protecting their data is no longer “recommended;” it’s necessary.

PageUp Breach: Personal Data Exposed

Data Breach Today

HR Software Provider Says Names, Addresses, Emails and Phone Numbers Exposed PageUp, an HR software developer based in Australia, is warning that malware-wielding attackers may have accessed a raft of personal data stored in the company's systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February

NAB Apologizes After Breach of Personal Data

Data Breach Today

Australian Bank Says Customer Data Sent to Two Service Providers National Australia Bank says it is contacting 13,000 customers after personal account data was uploaded without authorization to two data service providers. The bank, which apologized, says the data has been deleted and was not disclosed further

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

The Last Watchdog

Europe’s General Data Protection Regulations (GDPR) changed the game. Legacy filing systems were not built to keep track of the personal data of specific individuals primarily to be in compliance with the many data protection regulations popping up around the world. This is an important capability for organizations who need to satisfy this new type data handling regulations. This is because the newer data protection regulations do not apply to old data.

CNIL Published Guidelines on Re-Use of Personal Data by Data Processors

Hunton Privacy

In the CNIL’s view, a data processor’s re-use of personal data for its own purposes results in its re-qualification into a data controller and may be subject to sanctions ( i.e. , for failure to act on the instructions of the controller).

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks. The post Personal data of 1.3

Brexit Preparation: Get Personal Data Flows in Order

Data Breach Today

teeters on the edge of a "no deal" Brexit, the country's information commissioner has warned businesses to prepare, saying that any organization that handles Europeans' personal data must ensure they have a legal transfer arrangement in place for continuing to do so Privacy Watchdog Orders Businesses to Prepare as UK Teeters on Edge of 'No Deal' As the U.K.

Hackers Leak Hundreds of German Politicians' Personal Data

Data Breach Today

Chancellor Angela Merkel Among the Victims of Massive Hack Attack and Data Leak Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and communications stolen and leaked online as part of what authorities are calling an attack on the country's democracy and institutions

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

DLA Piper Privacy Matters

Given these higher financial penalties, organisations collecting, using or disclosing personal data in Singapore are recommended to carefully review their existing data protection programmes and processes to ensure compliance with the PDPA. of personal data); and.

GDPR personal data explained


The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. What is personal data under GDPR?

T-Mobile data breach exposes millions of customers’ personal data

IT Governance

T-Mobile has said that it has been hit by a “highly sophisticated cyberattack” that compromised the personal data of more than 7.8 In a statement , it confirmed that the stolen data included US customers’ full names, dates of birth, Social Security numbers and ID information.

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack


A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.

Personal Data Breach Notification – it's time to scrap the unfair rules that have been imposed on Communication Service providers

Data Protector

In August 2013 the European Commission introduced new rules to require Communication Service Providers to report all personal data breaches, no matter how minor, to local data protection regulators within 24 hours of the incident being detected [Art 2]. It’s time for the Data Protection and Digital Information Bill to be amended to abolish the old rules and require providers to adopt the data breach reporting rules that apply in all other sectors.

All it Takes is “Free” Beer to Steal Your Personal Data


A recent phishing scam impersonating the Heineken beer brand demonstrates how very little effort is needed by scammers to convince victims to give up all kinds of personal information. Phishing Data Breach

Thailand Personal Data Protection Law

Data Protection Report

The Personal Data Protection Act B.E. The PDPA is under the supervision of the Ministry of Digital Economy and Society and the main supervising authority of the PDPA is the Office of Data Protection Committee ( Office ). Definition of Personal Data. Background.

TikTok sued over its use of children’s personal data

IT Governance

TikTok is again being accused of illegally processing children’s personal data. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.

Pandemics and Personal Data

IG Guru

Jared Walker of Zasio writes a great blog post on Pandemics and Personal Data. The post Pandemics and Personal Data appeared first on IG GURU. Business Education GDPR IG News Information Governance information privacy Privacy Risk News Sponsored COVID-19 Europe Health Information HIPAA Italy Jared Walker Medical Information Pandemic Singapore Zasio

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

Hunton Privacy

On August 2, 2021, the Italian Data Protection Authority ( Garante per la protezione dei dati personali , “Garante”) announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l.

Cyberattackers Cook Up Employee Personal Data Heist for Meyer


The Conti gang breached the cookware giant's network, prepping thousands of employees’ personal data for consumption by cybercrooks. Breach Cloud Security Malware

India Releases Revised Non-Personal Data Framework

Hunton Privacy

On December 16, 2020, the Committee of Experts within India’s Ministry of Electronics and Information Technology (MeitY) (the “Committee”) issued a revised report on the Non-Personal Data Governance Framework (the “NPDF”) for India (the “Revised Committee Report”).

Personal Data Left on Used Laptops

Schneier on Security

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results. computersecurity dataloss dataprotection

Selling and utilising personal data in an insolvency situation

Data Protection Report

But this is a tricky area to navigate, particularly following the General Data Protection Regulation ( GDPR ), since both the ICO and the FCA have started to pay more attention to this area. What are the legal mechanisms to sell or utilise personal data in an insolvency situation?

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200 inhabitants were stolen by threat actors.

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. What constitutes a personal data breach. How to avoid data breaches.

Pakistan Introduces New Draft of Personal Data Protection Bill

Hunton Privacy

Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. The controller also must maintain a record of personal data breaches.

Your Personal Data is Already Stolen

Schneier on Security

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. What constitutes personal data?

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

Hunton Privacy

The Draft Guidance also applies to all organizations that process children’s data, not just providers of Information Society Services (“ISS”), and has a broader scope than the ICO Age Appropriate Code, covering issues such as how to address security standards, handle data breaches and use biometrics.

A data ‘black hole’: Europol ordered to delete vast store of personal data

The Guardian Data Protection

The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a “big data ark” containing billions of points of information. Surveillance Privacy Data protection Police Big data European Union Europe Technology

UK: New guidance on processing personal data for scientific research purposes

DLA Piper Privacy Matters

Meanwhile, a sometimes popular (mis)conception is that data protection laws – and particularly the GDPR – are a barrier to the effective use of personal data for research. It’s clear that scientific research is something of a hot topic in data protection circles!