Scottish Referendum: Question asked about compliance with privacy regulation
Concerns have been raised questioning if all of the Scottish referendum campaign groups complied with the Privacy and Electronic Communications Regulations and in particular electronic marketing rules. The Regulations cover text messages, calls and emails and stipulate that companies must acquire consent before sending marketing messages. The ICO published updated guidance in March to help organisations to comply with the Data Protection Act and the Regulations after signs that campaign groups were flouting the rules.
Restrictions on publicising UK government cyber-security work to be lifted
A ‘cyber security supplier to government scheme’ supported by the Department for Business, Innovation and Skills will loosen restrictions currently in place which prevent cyber security suppliers from publicising their work with the UK government. The scheme, developed at industry’s request to be able to reference their government work when pursuing business overseas for example. Companies will also be able to use the government’s logo in marketing material and appear on a public list of cyber suppliers to government on the government’s website.
JPMorgan Chase confirm cyber-attack
JPMorgan Chase & Co have confirmed that it suffered a cyber-attack earlier this year, detected in late July, but allegedly began in June. During these two months, it has been reported that the hackers were able to review information of about 1 million customer accounts but not able to gain access to account holders’ financial information. A spokesperson has stated that JPMorgan Chase has “not seen any unusual fraud activity” since the breach was discovered but confirmed that customers will not be liable for unauthorised transactions on their account provided they promptly alerted the bank.
Saks credit card fraud not a cyber-breach
The USD 400,000 shopping spree perpetrated by six employees at Saks Fifth Avenue in New York is not a cyber- breach. The employees have now been charged for their role in the scam which involved the theft of customer credit card details from the retailer’s computers to buy goods.
Russia’s new data protection law could come into effect on January
In July, Russia’s President, Vladimir Putin, signed a personal data storage law requiring foreign online vendors and social networking sites to store Russians’ personal data only in Russia. This would require the foreign companies, such as Facebook and Twitter, to open offices in Russia in order to be able to operate there. Originally the law was to take effect in September 2016 but a bill has been recently submitted to the State Duma proposing that it take effect on 1 January 2015.
App developers asking for privacy rules clarification
Amid fears that health apps in particular represent an increased privacy risk, developers of mobile phone apps have asked US agencies to clarify its rules for protecting patient health information. Apps that provide data to doctors and other health care professionals, such as AirStrip, are particularly concerned about privacy and security. Morgan Reed, executive director of the App Association, representing 5,000 mobile app companies, stated that start-ups and large companies alike, including Apple and Samsung, are looking for clarity on how sensitive health data is to be stored and shared. This comes as many apps have been criticised for privacy lapses.