Polish school fined for processing children’s biometric data

A primary school in Gdańsk, Poland, has been fined PLN 20,000 (about €4,600) for collecting biometric data from its students without a legal basis. The GDPR (General Data Protection Regulation) defines biometric data as “personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the …

Hospital patients’ medical records found on roadside

Hospital notes of patients who attended Craigavon Area Hospital, Co. Armagh were discovered scattered on a local roadside on 7 February. The records contained the information of 18 patients who visited ward 2 South Medicine at the hospital, including their name, age, reason for admission, and medical and social history. A man and a six-year-old child, who wish to remain anonymous, discovered the …

Unlawful data processing practices cost Italian telecoms organisation more than €27 million

The Italian Data Protection Authority (Garante per la protezione dei dati personali) last month issued a €27,802,946 fine to telecoms company TIM S.p.A for several GDPR (General Data Protection Regulation) infringements and a lack of accountability. The unlawful practices, which occurred between 2017 and 2019, affected millions of individuals, some of whom were not even TIM S.p.A customers. They …

Ireland’s DPC begins investigation into Google and Tinder

Ireland’s DPC (Data Protection Commission) is investigating Internet giant Google and matchmaking app Tinder over the way they process and retain users’ data. Inquiry into Google: The DPC has commenced an own-volition Statutory Inquiry into Google Ireland Limited following complaints from several EU consumer organisations about its processing of users’ location data and the transparency of the …

Criminal hackers exploit fear of coronavirus to spread malware

Cyber criminals are using the fear surrounding the coronavirus outbreak to infect the devices of unsuspecting victims with malware. The malware, delivered via an email attachment, was discovered by Kaspersky Lab and IBM X-Force. Kaspersky’s findings: The emails flagged by Kaspersky contained malware hidden within PDF, docx and MP4 files, implying that they claimed to have information on coronavirus …

250 million Microsoft customer records exposed in latest breach

In its latest data breach, Microsoft has exposed nearly 14 years of customer service and support records, equating to the details of nearly 250 million records. The breach was discovered by Comparitech’s security research team, which is headed by Bob Diachenko, who immediately informed Microsoft. The corporation took swift action; in total, the data was exposed from 28–31 December 2019. Diachenko …

A breakdown of the GDPR’s six data processing principles

The Regulation stipulates that infringements of “the basic principles for processing, including conditions for consent” are subject to the highest possible administrative fines – up to €20,000,000 or 4% of global annual turnover, whichever is greater. If any detail can get the attention of the people who need to understand this, it is likely that potential fines of that scale will do the job. The …

Google aims to banish third-party cookies within the next two years

Google, the Internet giant that serves more than 87% of worldwide web users, has given further details on its Privacy Sandbox initiative. Announced in August 2019, Privacy Sandbox aims to strengthen users’ online privacy, while protecting online publishers and advertisers. Google now says it wants to phase out support of third-party cookies within the next two years. What is Privacy …

A guide to the 4 PCI DSS compliance levels

The PCI DSS (Payment Card Industry Data Security Standard) contains a set of requirements to help organisations prevent payment card fraud. But did you know that the same requirements don’t apply universally? In fact, there are four PCI compliance levels, which are determined by the number of transactions the organisation handles each year. Level 1: Merchants that process over 6 million card …

ISO/IEC 27701 and the privacy information management system requirements

ISO/IEC 27701:2019 is the international standard for privacy information management. It is structured in the same way as ISO/IEC 27001 – hence from the establishment of the privacy information management system (PIMS) through to its review and adaptation. There are also sections on performance evaluation and improvement. Addressing the requirements in this order, though, is not a requirement in …