EU backs ‘right to be forgotten’

The ECJ has reached its final judgment in a case brought by a Spanish citizen against Google concerning a complaint to the Spanish data protection agency. Mario Costeja González contended that hyperlinks to an old notice auctioning his repossessed home appearing on Google search results infringed both his privacy and his dignity. The court ruled that individuals can demand the removal of links to “inadequate, irrelevant or no longer relevant” personal data. The decision marks a huge blow to US internet companies over European privacy standards and a move towards enforcing “a right to be forgotten”. It is also the first time Google has been forced to remove a link to information legally published elsewhere.

Snapchat settles privacy complaint

The FTC alleged that Snapchat “deceived consumers with promises about the disappearing nature of messages” after discovering a catalogue of security inadequacies. Amongst other flaws, the FTC found that Snapchat stored videos on the recipient’s smartphone, where they could be accessed by connecting it to a PC. Hackers were able to collect the data of 4.6 million Snapchat users and subsequently posted their usernames and phone numbers online. In settlement of the privacy complaint, Snapchat has admitted that the “disappearing” messages were not as transient as advertised and has agreed to its privacy practices being audited for the next 20 years.

GCHQ accused of hacking mobile devices

Privacy International has filed a legal complaint in the UK’s Investigatory Powers Tribunal against the UK’s intelligence group GCHQ, accusing it of working with the NSA to unlawfully infect millions of PCs and mobile devices with snooping software. The software allegedly installed would allow GCHQ to obtain content from the devices, switch on users’ microphones or cameras, listen to their phone calls and track their locations. Privacy International claims that the conduct of GCHQ and the NSA is unlawful and must be halted immediately, given that the bodies have no clear lawful authority to conduct hacking. The complaint marks the first UK challenge to the use of hacking tools by intelligence services. 

SEC cyber security initiative announced

The US Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has issued a National Exam Program Risk Alert entitled ‘OCIE Cybersecurity Initiative’, in which it announced its plans to conduct examinations of more than 50 (of approximately 15,000) registered broker-dealers and investment advisers. The nature of the firms that OCIE intends to examine is unclear, although it is suspected that the sample is designed to elicit information about how firms of different sizes and complexity approach cyber security. Accordingly, registered broker-dealers and investment advisers should review the risk alert and begin preparations for a potential OCIE examination.

Microsoft releases latest cyber security report

Published twice a year to help the cyber security community understand the threats posed by cyber criminals, Microsoft’s latest report reveals a 70% decline in the number of severe vulnerabilities exploited in Microsoft products between 2010 and 2013. However, the data also indicates that cyber criminals are using increasingly deceptive tactics in their attempts to compromise computer systems. The report revealed that in the last quarter of 2013 the number of computers impacted by deceptive tactics more than tripled. Finland, Denmark, Sweden, Norway and Japan were reported as the 5 countries with the lowest malware encounter rates.

New York banks face cyber security scrutiny

Plans have been unveiled for the Department of Financial Services (DFS) to conduct new cybersecurity assessments of New York’s banks. The decision comes after the DFS published a report on cyber security in the banking sector, which has seen a steep rise in attacks over previous years. The latest assessments will include questions on IT management and governance, incident response and disaster recovery. The assessments seek to ensure that financial institutions are better safeguarded from attacks and that personal bank records are secured from potential breaches.

ICO warns of privacy risks 

British people’s privacy is being endangered by the failure of organisations to provide rudimentary security measures. The ICO has warned that missed software updates and poor password management are leading to the same breaches being repeated. The warning emphasises the need for companies to take basic steps to make cyber attacks more difficult for prospective hackers. Out-of-date software is a recurring issue, with the need to remedy this security flaw becoming more urgent since Microsoft stopped supporting its Windows XP operating system in April.