Companies House breaks data protection laws
A Freedom of Information request has revealed that data protection laws were breached 13 times at Companies House’s headquarters in 2014. Breaches included case correspondence being mistakenly scanned onto the register and a director’s home address made public.
Thousands join campaign to discover if GCHQ has spied on them
The Investigatory Powers Tribunal ruled earlier this month that the Government Communications Headquarters (GCHQ) had collected intelligence illegally. Following this, London-based charity Privacy International has launched a campaign to enable individuals to discover whether they have been spied on by the agency. Participants can submit their name and email address to the charity, which will pass the details to GCHQ and the Tribunal as part of a large-scale inquiry. If participants find they have been spied on, they can request their records to be deleted. In its first 24 hours, 6,000 people signed up to the campaign..
Report reveals 1 billion data records stolen in 2014
A new report by Netherlands-based digital security firm Gemalto has revealed an increase of 78% in the number of data records either lost or stolen in 2014, compared to 2013. This brings the number of data records compromised up to almost 1 billion. 54% of the 1,500 attacks which took place in 2014 were theft of personal data, while less than 4% of the data breach incidents involved encrypted data. This not only confirms that encrypted data is more secure, but it also shows a large number of companies and organisations are not encrypting their users’ data. The UK was named worst country in Europe as to number of breaches (117 breaches last year, compared to 9 in France and 8 in Germany) and second only to the US (which had 1,164 breaches) in the rest of the world.
President Obama signs executive order on cybersecurity
President Obama signed an order to encourage companies to share information about threats to cyber security with the federal government at the White House Summit on Cybersecurity and Consumer Protection. The summit held on 13 February 2015 at Stanford University, brought together technology industry leaders, academics, law enforcement and consumer and privacy advocates. Senior Google, Yahoo and Facebook executives turned down invitations to attend. The summit comes in the wake of the US government’s announcement of the creation of a new cybersecurity agency, the Cyber Threat Intelligence Integration Center (CTIIC), which will aim to produce coordinated cyber threat assessments.
Russian technology firm exposes spying programmes and bank hack
Moscow-based maker of security software Kaspersky Lab has exposed a series of spying programmes based on malicious software lodged deep within hard drives made by top manufacturers. Kaspersky Lab said it found computers infected by the programmes in 30 countries, including Iran, Russia and Pakistan. Targets included government and military institutions, energy companies and media. The firm has not publicly named who is behind the programmes, though it has revealed that the spying campaign is closely linked to Stuxnet, a cyber-weapon led by the US’s National Security Agency. Kaspersky Lab has also uncovered a cyberattack on up to 100 banks and financial institutions worldwide by an international criminal gang known as Carbanak, which could allegedly result in USD 1 billion losses.
Chinese data privacy law at issue in US court
The Macau Personal Data Protection Act (“Macau PDPA”) came up before the Nevada District Court in Sands China Casino’s dispute with its former president, Steven Jacobs, over wrongful termination. District Judge Elizabeth Gonzales had previously ruled that the Macau PDPA, which has the closest approach to the EU’s 1995 Data Protection Directive, could not be used as an objection to disclosure of any documents. To avoid facing potential civil and criminal penalties (including possible imprisonment of the company’s officers), Sands China spent USD 2.4 million in redacting “personal information” from around 2,600 documents the company produced. Judge Gonzales, who had already ordered a USD 25,000 penalty against the company for trying to conceal data, is considering further sanctions.
Australian PM proposes mandatory metadata retention scheme
Australian Prime Minister Tony Abbott has proposed the introduction of a mandatory metadata retention scheme. This would require telecommunication companies to retain customer data (the extent of which is yet to be established) for two years, to enable government agencies to access it without a warrant for the purposes of law enforcement. The cost of the scheme is estimated at AUD 400 million. Abbott insisted the scheme would help authorities in battling fraud, terrorism and child pornography. Concerns have been voiced about the proposed system’s security and its effect on privacy.