Lasting effects of Sony cyber-attack
Following the high profile cyber-attack, as a result of which Sony Pictures has cancelled the release of a comedy on the fictional assassination of North Korea's leader, two ex-employees have already filed a class action against the company, accusing the company of failing to protect employee data. Whilst the data breach is reportedly going to cost the company at least USD 100 million, as the issues surrounding the fall out continue to develop, this marks an unprecedented new direction for cyber hacking and will be closely watched by businesses and governments around the world.
Google faces fines throughout Europe
Data Protection Agencies (DPAs) in six European countries, including the UK and the Netherlands, have opened investigations into Google for its handling of user data since the introduction of company guidelines two years ago. The Dutch DPA has reportedly ordered Google to start seeking consent or face fines of up to €15 million. Meanwhile, Google's French subsidiary has been ordered by the Paris Tribunal de Grande Instance to pay daily fines of €1,000 unless links to a defamatory article are removed from the parent company's entire global network, based on the "right to be forgotten".
Technology companies continue to leave Russia as internet restrictions bite
Following Adobe System's decision to shut down its Russian office, Google is the latest company to announce that it is existing Russia due to growing restrictions on internet freedoms. One such restriction is a law to come into effect next year, which requires foreign firms to store Russian user's personal data on servers located in Russia. While the Russian authorities say it will improve data protection, critics claim that it is designed to make it harder for US companies to operate in the country.
US Congress passes four cyber-security bills
Following a series of votes in the House and Senate last week, the US Congress approved four cyber-security bills, largely focus on the structures and procedures of the federal agencies that supervise national cyber-security. One significant feature is the codification of the National Cybersecurity and Communications Integration Centre, which provides a platform for the government and private sector to share information about cyber threats, incident response and technical assistance.
Hong Kong Privacy Commissioner leads on mobile app privacy regulation
Last week, in a motion initiated by the Hong Kong Privacy Commissioner, 21 privacy enforcement authorities around the world published an open letter to seven of the world's leading app marketplaces, urging them to make app privacy policies available to users prior to downloading. The letter follows a May 2014 study in which 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
Australian Information Commissioner releases report into FOI processing
Following an investigation open in October in response to negative trends identified in the processing of freedom of information (FOI) requests, the Australian Information Commissioner released an investigation report this week. The Commissioner stated that the focus on improving technical compliance had unintended consequences, inconsistent with pro-disclosure objectives. The investigation made thirteen recommendations to promote a pro-disclosure culture; simplify the FOI experience for customers; and improve administration of the practical refusal process.