Senators Raise Security Concerns Over Selling Personal Data

Data Breach Today

Letter to Twitter, Google, Others Asks About Selling Information to Foreign Governments. A bipartisan group of senators has sent a letter to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about the selling of citizens' personal data, which could end up in the hands of foreign governments.

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks.

GDPR personal data explained

Collibra

The General Data Protection Regulation (GDPR), in force since May 25, 2018, requires businesses to protect the personal data and privacy of European Union (EU) citizens, for transactions that occur within EU Member States. What is personal data under GDPR?

India Releases Revised Non-Personal Data Framework

Hunton Privacy

On December 16, 2020, the Committee of Experts within India’s Ministry of Electronics and Information Technology (MeitY) (the “Committee”) issued a revised report on the Non-Personal Data Governance Framework (the “NPDF”) for India (the “Revised Committee Report”).

Thailand Personal Data Protection Law

Data Protection Report

The Personal Data Protection Act B.E. The PDPA is under the supervision of the Ministry of Digital Economy and Society and the main supervising authority of the PDPA is the Office of Data Protection Committee (Office). Definition of Personal Data. Background.

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. What constitutes a personal data breach. How to avoid data breaches.

Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

Security Affairs

There was no need for a password or login credentials to access this information, and the data was not encrypted. The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline.

Processing of riders’ personal data: The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

On July 5, 2021, the Italian supervisory authority (“Garante”) published an injunction against a company operating a food delivery app (“Company”) over the processing of riders’ personal data with respect to the use of algorithms for the management of the orders.

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. Let’s start with the circumstances under which the processing of personal data must meet the GDPR’s requirements. What constitutes personal data?

CIPL Submits Comments on Vietnam’s Draft Decree on Personal Data Protection

Hunton Privacy

On April 8, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted comments in response to the Ministry of Public Security (“MPS”) of Vietnam’s Draft Decree on Personal Data Protection (“Draft Decree”).

Your Personal Data is Already Stolen

Schneier on Security

In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes - even your credit file.

Pakistan Introduces New Draft of Personal Data Protection Bill

Hunton Privacy

Pakistan’s Ministry of Information Technology and Telecommunication recently introduced a new draft of Pakistan’s Personal Data Protection Bill, 2020 (the “Bill”) and launched a public consultation regarding the same. The controller also must maintain a record of personal data breaches.

Baby App “Peekaboo” Leaks Photos, Videos and Personal Data

Adam Levin

The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. The leaked data was discovered by Dan Ehrlich of the security consulting firm Twelve Security. The lack of protection of user security seemingly contradicts the company’s promises on the Google Play store. Data privacy and security come as our priority.

Fitbit Spyware Steals Personal Data via Watch Face

Threatpost

Thailand’s First Personal Data Protection Law Enters into Effect

Hunton Privacy

On May 27, 2019, Thailand’s Personal Data Protection Act B.E. Although now effective, the main operative provisions concerning personal data protection (including requests for data subjects’ consent; collection/use and disclosure of personal data; rights of data subjects; complaints; civil liabilities and penalties) will not come into force until one year after their publication in the Government Gazette (i.e., on May 28, 2020).

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

Hunton Privacy

The Draft Guidance also applies to all organizations that process children’s data, not just providers of Information Society Services (“ISS”), and has a broader scope than the ICO Age Appropriate Code, covering issues such as how to address security standards, handle data breaches and use biometrics.

China Emphasizes Protection of Personal Data by Issuing a New Circular

Hunton Privacy

Consent Requirement for Collection of Personal Information. In other words, unauthorized parties cannot collect the personal information of data subjects without their consent for the purposes of prevention and control of epidemics and disease. Disclosure of Personal Information.

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

Now that the EU GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’. But what exactly does personal data mean? And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements? What is personal data? Location data. What is sensitive personal data?

FEMA Leaked Personal Data of 2.3 Million Disaster Victims

Adam Levin

The Federal Emergency Management Agency failed to properly protect the personal information of 2.3 A partially redacted memo issued by the Office of the Inspector General of the Department of Homeland Security stated that FEMA released the personally identifiable information of 2.3 FEMA is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system.

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent.

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia

Security Affairs

A database allegedly belonging to Ariix Italia was exposed online on an unsecured Amazon S3 bucket; it includes 30,000+ Italian sales agents’ personal data. We then reported the incident to Amazon and they were able to secure the S3 bucket. What data is in the bucket?

UK Information Commissioner issues letter on transfers of personal data to the U.S. Securities and Exchange Commission

DLA Piper Privacy Matters

Securities and Exchange Commission (“SEC”) confirming that SEC-regulated UK domiciled firms (“UK Regulated Firms”) can share personal data with the SEC when seeking to comply with regulatory obligations, in compliance with the UK GDPR.

German BGH Decision Confirms Interplay Between Collection of Personal Data and Competition Law

Hunton Privacy

On June 23, 2020, the German Federal Court of Justice (the Bundesgerichtshof, or “BGH”) issued a decision confirming the enforceability, in preliminary proceedings, of the order of the German Federal Cartel Office (the “Bundeskartellamt”) against Facebook’s data practices.

Transferring personal data under the GDPR

IT Governance

When organisations transfer data, they inevitably compromise its security to some degree. It’s no longer secured behind physical defences, such as in a locked drawer in the organisation’s secure premises, and the means of transfer can be lost, stolen or hacked. There’s not much organisations can do to eliminate data loss, so the problem becomes how to reduce the damage once the data is exposed? Data transfers.

How to write a GDPR-compliant personal data breach notification procedure

IT Governance

An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a personal data breach notification procedure. What is a personal data breach? The UK Information Commissioner’s Office (ICO) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.

The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

Now that the EU GDPR (General Data Protection Regulation) has been in effect for a couple of months, you’ve hopefully become acquainted with its definition of personal data: “any information relating to an identified or identifiable natural person”. And did you know that the GDPR includes a sub-category of sensitive personal data that comes with its own requirements? What is personal data? Location data.

Turkish Personal Data Protection Authority fined Facebook for Photo API bug

Security Affairs

The Turkish Personal Data Protection Authority fined Facebook $270,000 for the Photo API bug that exposed personal photos of 300,000 Turkish users. The Turkish Personal Data Protection Authority (KVKK) has fined Facebook 1.65 million Turkish lira ($270,000) for the Photo API bug that exposed personal photos of 300,000 Turkish users.

Thailand: Personal Data Protection Act (PDPA) Amendments on the way: What does this mean for your company?

DLA Piper Privacy Matters

Thailand’s Personal Data Protection Act (“PDPA”) is in the process of being updated, and full implementation and compliance is expected by 1 June 2021.

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

Threatpost

A vulnerability in British Airways' e-ticketing system could enable a bad actor to view passengers' personal data or change their booking information.

New Zealand property management company leaks 30,000 users’ passports, driver’s licenses and other personal data

Security Affairs

CyberNews reported the discovery of an unsecured Amazon S3 bucket containing users’ passports, driver’s licenses and other personal data. Both Vadix and CyberNews attempted to contact LPM Property Management to secure their database. The database is now secured.

European Commission Adopts UK Adequacy Decisions Allowing Personal Data to Freely Flow from the EU to the UK

Data Matters

On 28 June 2021, the European Commission announced that it has adopted two adequacy decisions for the UK, one under the General Data Protection Regulation (GDPR) and one under the Data Protection Directive with Respect to Law Enforcement (Law Enforcement Directive) (Adequacy Decisions). The announcement comes just two days before the bridging period for data transfers between the EU and the UK was set to expire.

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Threatpost

A Walmart jewelry partner's misconfigured AWS S3 bucket left personal details and contact information of 1.3 million customers in plain sight.

China Implements Regulation Increasing Protections for Children’s Personal Data

Data Matters

On 22 August 2019, the Cyberspace Administration of China (CAC) announced the implementation of the Online Protection of Children’s Personal Data Regulation (“the Regulation”), which came into force on 1 October 2019. The Regulation comprises a list of rules which seek to ensure the safety of children’s personal data and promote a healthy upbringing for children.

Timehop Breach Impacts Personal Data of 21 Million Users

Threatpost

A massive breach has impacted up to 21 million users' personal data and their social media "access tokens."

EDPB Releases Statement on the Processing of Personal Data in the Context of Reopening Borders Following the COVID-19 Outbreak

Hunton Privacy

On June 16, 2020, the European Data Protection Board (the “EDPB”) released a statement on the processing of personal data in the context of reopening borders following the COVID-19 outbreak (the “Statement”).

Fortnum & Mason customers’ personal data exposed in breach

IT Governance

As the saying goes, you’re only as strong as your weakest link, which is as true for data security as any other situation. Unfortunately, world-famous retailer Fortnum & Mason was recently let down by a weak link – survey company Typeform – that exposed the personal data of 23,000 of its customers. A breach of Typeform affected Fortnum & Mason customers who voted using the Typeform form in the “TV Personality of the Year” category.

Adult Content Site Exposed Personal Data of 1M Users

Threatpost

The personal email addresses - some indicating user names or government official status - of more than a million pornography website users were exposed.

Middle East: Kingdom of Bahrain publishes Personal Data Protection Law

DLA Piper Privacy Matters

30 of 2018 on the Personal Data Protection Law (PDPL). It will provide individuals with rights in relation to how their personal data can be collected, processed and stored. The PDPL also imposes new obligations upon businesses to ensure that the personal data they collect is kept secure. The PDPL will set up a new authority, known as the Personal Data Protection Authority (Authority). Automatic processing of biometric data.

Taiwan Amends Personal Data Protection Law

Hunton Privacy

On December 30, 2015, Taiwan’s Office of the President issued an order to promulgate certain amendments (the “Amendments”) to Taiwan’s Personal Data Protection Law (the “PDPL”). The Amendments concern the collection and use of sensitive personal data, the form of consent for the collection and use of non-sensitive personal data, and the imposition of criminal liability for violations of certain provisions of the PDPL.

New attack by Anonymous Italy: personal data from ministries and police have been released online

Security Affairs

As announced, the three groups that coordinate the operation “Black Week” have also released new data today from their raids on online sites and databases. Sensitive data of members of the Lega Nord del Trentino, Fratelli d’Italia and the Democratic Party of the city of Siena were disseminated.