ABC’s of privacy this week-March 26, 2020

Applause

  • OAIC advises employers to meet privacy obligations amid COVID-19 epidemic

According to ZDNet, the Office of the Australian Information Commissioner has advised employers to handle personal information per the Privacy Act of 1988, even in a pandemic.  The OAIC advised that the collection, use, and disclosure of personal details should be limited to necessary information for preventing or managing COVID-19.

For more info: https://www.zdnet.com/article/australian-privacy-commissioner-offers-advice-on-staff-privacy-amid-covid-19/

  • OPC issues COVID-19 guidance

The Office of the Privacy Commissioner of Canada has recently issued guidance for organizations to understand their responsibilities towards privacy law maintenance during the COVID-19 pandemic. The guidance gives a clear understanding of the obligations surrounding both the Privacy Act and the Personal Information Protection and Electronic Documents Act.

For more info: https://priv.gc.ca/en/opc-news/news-and-announcements/2020/an_200320/

Data Breaches

  • Open cloud server exposes 200M user records

According to CyberNews, researchers have recently identified an unsecured Google Cloud database containing personal data of more than 200 million American citizens. The owner of the server is an unidentified party, and it contained full names, contact information, and even sensitive financial details. While the data was exposed for an unknown amount of time, it was deleted by an unknown party on March 3rd, 2020.

For more info: https://cybernews.com/security/report-unidentified-database-exposes-200-million-americans/

  • Elastic research breach exposes 5B records

SC Media reports, an unsecured Keepnet Labs database has exposed more than 5 billion records with information about security incidents over the past seven years. The privacy gap was discovered by security researcher Bob Diachenko and contained passwords, email addresses, and other prominent data leaks.

For more info: https://www.scmagazine.com/home/security-news/database-security/five-billion-records-exposed-in-open-data-breach-database/

  • Rogers Communications announces customer info exposed in breach

According to Bleeping Computer reports, Rogers Communications has announced that customers’ personal information was exposed via an unprotected database. The data contained personal details like email addresses, names, telephone numbers, and account numbers. Credit card information, bank and account details were not exposed through the breach, according to Rogers.

For more info: https://www.bleepingcomputer.com/news/security/rogers-data-breach-exposed-customer-info-in-unsecured-database/

  • Breaches hit online guitar service, college

According to Infosecurity Magazine, unauthorized access of TrueFire’s computer system exposed confidential user payment information for 6 months. People who made purchases between 3rd August 2019 and 14th January 2020 had their account numbers, card number, security code, and card expiration date exposed.

For more info: https://www.infosecurity-magazine.com/news/guitar-tuition-website-suffers/

Current News

  • European Commission puts emphasis on encryption

According to Euractiv, the European Commission is enhancing security efforts by adopting end-to-end encryption app Signal for Communications which will be used “outside of critical or sensitive exchanges.” For more info:https://www.euractiv.com/section/digital/news/the-story-behind-the-commissions-new-emphasis-on-encryption/