Uber hides US driver data breach

It has been revealed that Uber, the app-based taxi service, hid a security breach that may have affected approximately 50,000 of its US drivers for several months. In a blog on Uber’s website, the company said that the breach occurred on 13 May 2014, and was not discovered until 17 September; however, drivers have only recently been notified. Uber said that there have been no reports so far of the information being used for fraudulent purposes.

Obama releases Draft Consumer Privacy Bill of Rights Act

Last Friday, the White House released its draft Consumer Privacy Bill of Rights Act, following President Obama’s announcement that cyber security would be a priority of the administration. The Act broadly tracks the language of a 2012 draft and covers any "person that collects, creates, processes, retains, uses, or discloses personal data". The proposal has been criticised for giving people too little control over their data and companies too much power to use consumers’ information.

US establishes new agency to collect cyber security intelligence

Last week, President Obama instructed the Director of National Intelligence to establish the Cyber Threat Intelligence Integration Center (CTIIC). The CTIIC combines intelligence from various sources, including the FBI, CIA and NSA, to provide "a cross-agency view of foreign cyber threats, their severity, and potential attribution".

European Data Protection Supervisor announces its 4-year strategy

The European Data Protection Supervisor (EDPS), an independent supervisory authority devoted to protecting personal data and privacy in EU institutions, released its 2015-2019 strategy this week. The EDPS outlined three main strategic objectives: (i) the digitalisation of data protection; (ii) forging global partnerships; and (iii) adopting and implementing new data protection rules. Special attention will be given to the challenges of cloud computing, big data analytics, the internet of things and techniques for electronic mass surveillance.

Russia plans to increase data protection violation fines

Last week, the Russian State Duma adopted a draft law proposing amendments to the Russian Code on Administrative Offences. The draft law differentiates between types of offences for violating Russian data protection laws and increases the fines imposed. It should be noted that the draft law does not include a fine for violating Russia’s controversial new Data Localisation Law, but it is thought that this could be modified at a later stage.

China to implement new personal data protection rules

China’s State Administration for Industry and Commerce (SAIC) is to implement the new Measures for Penalties for Infringing upon the Rights and Interests of Consumers. The Measures will be effective as of 15 March 2015. The Measures clarify obligations with respect to corporate handling of personal data and define for the first time what constitutes personal consumer information.

Japanese infrastructure entities to get cyber security cooperation requests

The Japanese government will ask 48 entities in charge of key portions of infrastructure to help it counter cyber threats. The 48 entities were designated by the basic law on cyber security, enacted last November, and include telephone companies, operators of highways and railways, and banks. The government is preparing for growing cyber security threats ahead of the 2020 Olympic Games, which will be held in Tokyo.