OneDPO

ABC’s of Privacy This Week – Feb 05, 2020

ABC's of Privacy This Week

Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC’s) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to social@onedpo.com.

Applause

Indonesian Submits Draft Data Protection Law

Indonesian President Joko Widodo has submitted a draft data protection law to the country’s House of Representatives. The bill includes the types of personal data it covers, data rights, the obligations and responsibilities of data controllers and processors, data transfers, and requirements for data protection officers. The legislation is set to cover citizens both within Indonesia and those who are abroad.

For more info: https://www.kominfo.go.id/content/detail/24039/siaran-pers-no-15hmkominfo012020-tentang-indonesia-akan-jadi-negara-asia-tenggara-kelima-yang-miliki-uu-pdp/0/siaran_pers

Wisconsin Lawmaker Proposes Regulations on Data Collection

State Rep. Shannon Zimmerman proposed the Wisconsin Data Privacy Act, which could fine companies up to $20 million or assesses a portion of their annual revenue — if they don’t abide by the existing data privacy rules. Depending on the severity of the offender, the Wisconsin attorney general could bring legal action, according to the proposal. Penalties call on entities to be fined up to $10 million or 2% of annual revenue — whichever is higher. Those penalties could be doubled for personal data violations.

For more info: https://wqow.com/2020/01/29/area-lawmaker-proposes-wisconsin-data-privacy-act/

Breaches

UN Kept Hacker Attacks Under Wraps

The United Nations has fallen victim to a major hacking attack that compromised its Europe-based IT systems, and the officials of the organization chose to keep it a secret. The attack was detected in August 2019 by the UN’s Geneva IT team, who figured that the break-in had happened a month earlier. Upon further investigation, the UN employees discovered that the compromise spread over to 40 of their servers in Geneva and Vienna, holding important data of its human resources department, as well as the human rights office. The records that have been accessed by the infiltrators include the commercial contracts of the organization, their passwords, and various business documents.

For more info: https://apnews.com/0d958e15d7f5081dd612f07482f48b73

British Charity Loses Over $1m in Domain Spoofing Scam

A British community housing charity was conned out of more than $1m in a domain spoofing scam. The charity described how criminals not only spoofed the domain of a genuine contractor but also sent emails to Red Kite that appeared to be from contacts who had already won the charity’s trustees. The con was carried out in late August 2019 and is still under investigation by the police. As a result of the incident, Red Kite’s governance rating has been downgraded by the Regulator of Social Housing (RSH).

For more info: https://www.infosecurity-magazine.com/news/red-kite-spoofing-scam/

SpiceJet Breach Affects 1.2 Million Passengers

A data breach at Indian airline SpiceJet has exposed the personal information of over a million passengers. Data exposed in the breach included passengers’ names, phone numbers, email addresses, and dates of birth. Among the passengers whose data was exposed were several state officials. While SpiceJet has now taken steps to secure the exposed database, the airline has declined to confirm CERT-In’s findings.

For more info: https://www.infosecurity-magazine.com/news/breach-at-indian-airline-affects/

Current News

Italian DPA Issues 28M Euro GDPR Fine

The Italian data protection authority, the Garante, has fined Tim Spa 27.8 million euros for alleged violations of the EU General Data Protection Regulation. The DPA received complaints that the company made millions of promotional phone calls without the consent of the customers. The complainants either had their numbers on the Public Register do-not-call list or previously opted out of receiving phone calls from the company.

For more info: https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9256409

Cyprus DPA Issues 82k Euro GDPR Fine

The European Data Protection Board announced Cyprus’ Office of the Commissioner for Personal Data Protection fined three companies a combined 82,000 euros for various EU General Data Protection Regulation violations. The investigation found each company to be violating GDPR and hence resulting in fines of 70,000 euros to LGS Handling, 10,000 euros to Louis Travel, and 2,000 euros to Louis Aviation.

For more info: https://edpb.europa.eu/news/national-news/2020/cypriot-supervisory-authority-banned-processing-automated-tool-used-scoring_en

Danish Holiday Fund Violates GDPR

The Danish data protection authority, Datatilsynet, found the Labour Market Holiday Fund violated the EU General Data Protection Regulation. As part of an investigation involving holiday pay, the DPA found the fund did not disclose certain information promptly, nor did it provide the data in a transparent, easily accessible format.

For more info: https://www.datatilsynet.dk/presse-og-nyheder/nyhedsarkiv/2020/jan/ny-afgoerelse-arbejdsmarkedets-feriefonds-iagttagelse-af-oplysningspligt-og-brug-af-samtykke/