GDPR personal data explained

Collibra

The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. What is personal data under GDPR?

Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data

Threatpost

Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices. IoT Privacy Vulnerabilities amazon Amazon Alexa Data Privacy flaw personal data vulnerability

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Database May Have Exposed Instagram Personal Data

Data Breach Today

Email Addresses, Phone Numbers for 49 Million People Potentially Exposed There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company.

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. What constitutes a personal data breach. How to avoid data breaches.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

NAB Apologizes After Breach of Personal Data

Data Breach Today

Australian Bank Says Customer Data Sent to Two Service Providers National Australia Bank says it is contacting 13,000 customers after personal account data was uploaded without authorization to two data service providers. The bank, which apologized, says the data has been deleted and was not disclosed further

Brexit Preparation: Get Personal Data Flows in Order

Data Breach Today

teeters on the edge of a "no deal" Brexit, the country's information commissioner has warned businesses to prepare, saying that any organization that handles Europeans' personal data must ensure they have a legal transfer arrangement in place for continuing to do so Privacy Watchdog Orders Businesses to Prepare as UK Teeters on Edge of 'No Deal' As the U.K.

Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack

Threatpost

A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.

Hackers Leak Hundreds of German Politicians' Personal Data

Data Breach Today

Chancellor Angela Merkel Among the Victims of Massive Hack Attack and Data Leak Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and communications stolen and leaked online as part of what authorities are calling an attack on the country's democracy and institutions

Pandemics and Personal Data

IG Guru

Jared Walker of Zasio writes a great blog post on Pandemics and Personal Data. The post Pandemics and Personal Data appeared first on IG GURU. Business Education GDPR IG News Information Governance information privacy Privacy Risk News Sponsored COVID-19 Europe Health Information HIPAA Italy Jared Walker Medical Information Pandemic Singapore Zasio

Personal Data Left on Used Laptops

Schneier on Security

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results. computersecurity dataloss dataprotection

Fitbit Spyware Steals Personal Data via Watch Face

Threatpost

IoT Malware Mobile Security Privacy Vulnerabilities API app Application breen Connected Device data theft Fitbit Fitbit Gallery immersive malicious watch face malware privacy controls Spyware

Ireland: Irish Court of Appeal Clarifies Boundaries of Concept of Personal Data

DLA Piper Privacy Matters

The Irish Court of Appeal has clarified the scope of the definition of personal data – noting that, while the definition is deliberately very broad, it does not facilitate access by an individual to reports stemming from a complaint for the sole reason that the complaint was made by that individual.

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Data Protector

European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. This has been the case in the UK since the coming into force of the first (1984) Data Protection Act.

Your Personal Data is Already Stolen

Schneier on Security

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

Thailand Personal Data Protection Law

Data Protection Report

The Personal Data Protection Act B.E. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published. Definition of Personal Data. Person ” means a natural person. When monitoring of data subjects’ behavior is taken place in Thailand.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. What constitutes personal data?

How Political Campaigns Use Personal Data

Schneier on Security

Data-driven technologies are an inevitable feature of modern political campaigning. All the data-driven methods presented in this guide would not exist without the commercial digital marketing and advertising industry. From analysing behavioural data to A/B testing and from geotargeting to psychometric profiling, political parties are using the same techniques to sell political candidates to voters that companies use to sell shoes to consumers.

Baby App “Peekaboo” Leaks Photos, Videos and Personal Data

Adam Levin

The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. . The leaked data was discovered by Dan Ehrlich of the security consulting firm Twelve Security. Data privacy and security come as our priority. Bithouse has yet to comment on the leak or take the leaked data offline. Data Security Data breach Privacy featured elasticsearch data leak peekaboo

Revisit an Employee Personal Data Protection Policy After CCPA

InfoGoTo

As businesses subject to the California Consumer Privacy Act (CCPA) develop and implement policies and procedures to comply with the law, they may want to revisit, or develop an employee personal data protection policy. 1 and will be enforced by the California attorney general as of July 1 — some organizations may have put off the delicate matter of employee personal data. The exemption just applies to personal data collected in an HR context.

Delayed Implementation of Thailand?s Personal Data Protection Act

Hunton Privacy

The implementation of Thailand’s Personal Data Protection Act B.E. Those data controllers for whom compliance has been deferred include agencies and operators of prescribed businesses specified in the Royal Decree on Agencies and Businesses Not Subject to the PDPA B.E. International Data Controller Data Protection Act Personal Data Thailand2562 (A.D. 2019) (the “PDPA”) has been delayed until May 31, 2021.

Pakistan Introduces New Draft of Personal Data Protection Bill

Hunton Privacy

Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. In addition, under the Bill, the federal government would, within six months of coming into force, establish a Personal Data Protection Authority of Pakistan with rulemaking authority to enforce the act.

Selling and utilising personal data in an insolvency situation

Data Protection Report

But this is a tricky area to navigate, particularly following the General Data Protection Regulation ( GDPR ), since both the ICO and the FCA have started to pay more attention to this area. For example, in February of this year, the FCA and ICO issued a joint statement warning regulated firms and insolvency practitioners of their responsibilities when dealing with personal data. What are the legal mechanisms to sell or utilise personal data in an insolvency situation?

Thailand’s First Personal Data Protection Law Enters into Effect

Hunton Privacy

On May 27, 2019, Thailand’s Personal Data Protection Act B.E. Although now effective, the main operative provisions concerning personal data protection (including requests for data subjects’ consent; collection/use and disclosure of personal data; rights of data subjects; complaints; civil liabilities and penalties) will not come into force until one year after their publication in the Government Gazette ( i.e. , on May 28, 2020).

Ford Eyes Use of Customers’ Personal Data to Boost Profits

Threatpost

IoT Privacy Data Finance Ford hackett personal data scooter spinFord's CEO sees the tech company model as key to the company's next chapter.

India Releases Draft Non-Personal Data Governance Framework

Hunton Privacy

On July 13, 2020, a Committee of Experts within India’s Ministry of Electronics and Information Technology (“the Committee”) published the first draft of a Non-Personal Data Governance Framework for India for public consultation.

TikTok Bugs Put Users' Videos, Personal Data At Risk

Dark Reading

Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data

Personal data protection in the time of coronavirus (Covid-19)

Data Protection Report

Outbreak of the coronavirus and personal data privacy. In order to control the outbreak and track the spread of the virus, Chinese health authorities and other stakeholders ranging from airlines, rail operators and property management companies have collected a large amount of personal data, including data on individuals who have recently travelled to Wuhan or who have been in contact with those who have developed symptoms of infection.

Turkish Personal Data Protection Authority fined Facebook for Photo API bug

Security Affairs

The Turkish Personal Data Protection Authority fined Facebook $270,000 for the Photo API bug that exposed personal photos of 300,000 Turkish users. The Turkish Personal Data Protection Authority (KVKK) has fined Facebook 1.65 million Turkish lira ($270,000) for the Photo A PI bug that exposed personal photos of 300,000 Turkish users. The post Turkish Personal Data Protection Authority fined Facebook for Photo API bug appeared first on Security Affairs.

Singapore: Imminent Changes to the Personal Data Protection Act 2012 (PDPA)

DLA Piper Privacy Matters

On 5 October 2020, the Personal Data Protection (Amendment) Bill (“Bill”) was tabled in Parliament for the first reading. Authors: Carolyn Bigg and Yue Lin Lee. Important changes will soon be made to Singapore’s PDPA.

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’ But what exactly does personal data mean? And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements? What is personal data? Location data. What is sensitive personal data?

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company?

DLA Piper Privacy Matters

Thailand’s Personal Data Protection Act (“ PDPA “) is in the process of being updated, and full implementation and compliance is expected by 1 June 2021. Uncategorized Data Protection

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

Threatpost

A vulnerability in British Airways' e-ticketing system could enable a bad actor to view passengers' personal data or change their booking information. Hacks Vulnerabilities British Airways British airways data breach Data Privacy Data security e-ticketing flaw Encryption

China Emphasizes Protection of Personal Data by Issuing a New Circular

Hunton Privacy

Consent Requirement for Collection of Personal Information. Only relevant parties authorized by the health department of the State Council can collect personal information for the purposes of prevention and control of epidemics and disease without data subjects’ consent pursuant to Cybersecurity Law, Law of Prevention and Treatment of Infectious Diseases, and Regulation on Responses to Public Health Emergencies, unless provided otherwise. Disclosure of Personal Information.

MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online

Dark Reading

Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database

Facebook personal data use and privacy settings ruled illegal by German court

The Guardian Data Protection

Firm to appeal decision by Berlin regional court which upholds complaints that users not given informed consent Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court. The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent.

FEMA Leaked Personal Data of 2.3 Million Disaster Victims

Adam Levin

The Federal Emergency Management Agency failed to properly protect the personal information of 2.3 A partially redacted memo issued by the Office of the Inspector General of the Department of Homeland Security stated that FEMA released the personally identifiable information of 2.3 FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system. The post FEMA Leaked Personal Data of 2.3

Schrems II Decision and Changes to Personal Data Transfers

Collibra

Privacy Shield as an adequate framework for regulating exchanges of personal data between the European Union and United States. The EU-US Privacy Shield helped these organizations legally transfer personal data from the EU to the United States.

Android App Publishers Won't Take 'No' for an Answer on Personal Data

Dark Reading

Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia

Security Affairs

A database allegedly belonging to Ariix Italia was exposed online on an unsecured Amazon S3 bucket, it includes 30,000+ Italian sales agents’ personal data. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens. As of June 5, the Ariix Italia data bucket has been closed and is no longer accessible.

Sales 71