ABC’s of Privacy This Week – Nov 06, 2019

Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC’s) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to social@onedpo.com.

Applause

India is Set to Launch a New Data Protection Framework

The long-awaited Personal Data Protection Bill, 2018 is likely to be brought to the floor in the upcoming winter session of the Indian Parliament. The proposed bill introduces provisions related to privacy by design, conditions for cross-border data transfer and appointing data protection officers, making it vastly different from the existing data protection framework.

For more info: https://iapp.org/news/a/preparing-for-indias-new-data-protection-framework/

Breaches

Canada’s Desjardins Group Data Breach Affects 4.2mn Members

Montreal-based Desjardins data breach has affected all of the financial cooperative’s 4.2 million members, prompting government reforms to protect personal information in the Canadian province of Quebec. An internal probe revealed that the reason behind the data breach is due to the unauthorized use of internal data by an employee which led to the breach of personal information, including social insurance number, address and details of banking habits.

For more info:  https://www.reuters.com/article/us-desjardins-databreach/canadas-desjardins-said-personal-data-breach-hit-4-2-million-users-idUSKBN1XB4N0

UniCredit Data Breach Impacts Italian Customers

UniCredit, one of Italy’s top bank, has uncovered a data breach involving the personal records of 3 million domestic clients. The lender said in a statement on Monday the compromised records contained no details, that would allow access to customer accounts or for unauthorized transactions to be carried out. An internal probe is ongoing and a spokesman for UniCredit said no further details could be disclosed on how the breach happened.

For more info:  https://www.reuters.com/article/us-unicredit-cyber/unicredit-identifies-data-breach-in-italian-client-records-idUSKBN1X70HM

More Than 680k Students Affected by Indian Educational Firm Data Breach

Indian-based educational technology firm Vedantu faced a data breach in the last week of September, which risked data of more than 680,000 customers. The vulnerability exposed customer details such as email ids’, names and phone numbers. The company confirmed that the vulnerability was fixed within a few days and the affected customers were informed about the attack and advised to change their passwords.

For more info: https://tech.economictimes.indiatimes.com/news/internet/vedantus-data-breach-risked-680000-customers-data/71882087

Current News

Austrian DPA Imposes a Fine of 18 Million Euros on OPAG

The Austrian data protection authority (DPA) imposed an administrative fine of 18 million euros on Österreichische Post AG (ÖPAG) after conducting administrative fine proceedings. The fine was based on the evidence that ÖPAG had violated the GDPR by processing personal data on the alleged political association of affected data subjects.

For more info: https://edpb.europa.eu/news/national-news/2019/administrative-criminal-proceedings-austrian-data-protection-authority_en

Google Acquires Fitbit for $2.1 Billion

Alphabet, Google’s parent company announced on Friday that it is acquiring San-Francisco based smartwatch maker Fitbit for $2.1 billion. Fitbit has also issued a statement that Google was paying $7.35 per share in cash. The deal will likely face scrutiny over how Google plans to use the data Fitbit users have shared. Google has assured its Fitbit users that it will provide tools to review, move, and delete their data.

For more info: https://www.onedpo.com/is-fitbit-users-data-safe-with-google/

Facial-recognition to Pay for Your Groceries

A conference in Vancouver showcased a product demonstration of SnapPay Grocers which enables you to pay your monthly grocery bills using the facial recognition technology.  Privacy advocates are cautious about the deployment of the technology as the grocery store itself plans to store and process the collected data. This could lead to a potential data breach without proper implementation and security measures.

For more info: https://www.thestar.com/vancouver/2019/10/17/you-could-soon-use-your-face-to-pay-for-groceries-but-privacy-experts-are-urging-caution.html

Singapore PDPC Imposes Fine on 8 Companies

Singapore’s Personal Data Protection Commission imposed fines against eight companies for violations of the Personal Data Protection Act. The highest financial penalty of $90,000 was levied on Ninja Logistics for failing to put in place reasonable security arrangements to protect customers’ data, allowing the data to be accessed publicly.

For more info: https://www.pdpc.gov.sg/pdpc/news/latest-updates/2019/11/new-commissions-decisions-on-4-november-2019

Romanian Supervisory Authority Fines Bank for Sharing Customer Information through Whatsapp

Raiffeisen Bank S.A. and Vreau Credit S.R.L were imposed an administrative fine of 150,000 Euros by the National Supervisory Authority. The breach of security happened when employees of Raiffeisen Bank S.A., transmitted the information to the employees of the company Vreau Credit S.R.L. through the WhatsApp mobile application, to determine the eligibility of the respective individuals. Moreover, the information was shared between the companies without the consent of the customers.

For more info: https://edpb.europa.eu/news/national-news/2019/romanian-supervisory-authority-fines-artmark-holding-srl_en