Scottish Referendum: Question asked about compliance with privacy regulation

Concerns have been raised questioning if all of the Scottish referendum campaign groups complied  with the Privacy and Electronic Communications Regulations and in particular electronic marketing  rules. The Regulations cover text messages, calls and emails and stipulate that companies must  acquire consent before sending marketing messages. The ICO published updated guidance in March to  help organisations to comply with the Data Protection Act and the Regulations after signs that  campaign groups were flouting the rules.

Restrictions on publicising UK government cyber-security work to be lifted

A ‘cyber security supplier to government scheme’ supported by the Department for Business,  Innovation and Skills will loosen restrictions currently in place which prevent cyber security  suppliers from publicising their work with the UK government. The scheme, developed at industry’s request to be able to  reference their government work when pursuing business overseas for example. Companies will also be  able to use the government’s logo in marketing material and appear on a public list of cyber  suppliers to government on the government’s website.

JPMorgan Chase confirm cyber-attack

JPMorgan Chase & Co have confirmed that it suffered a cyber-attack earlier this year, detected in  late July, but allegedly began in June. During these two months, it has been reported that the  hackers were able to review information of about 1 million customer accounts but not able to gain  access to account holders’ financial information. A spokesperson has stated that JPMorgan Chase has  “not seen any unusual fraud activity” since the breach was discovered but confirmed that customers  will not be liable for unauthorised transactions on their account provided they promptly alerted  the bank.

Saks credit card fraud not a cyber-breach

The USD 400,000 shopping spree perpetrated by six employees at Saks Fifth Avenue in New York is not  a cyber- breach. The employees have now been charged for their role in the scam which involved the  theft of customer credit card details from the retailer’s computers to buy goods.

Russia’s new data protection law could come into effect on January

In July, Russia’s President, Vladimir Putin, signed a personal data storage law requiring foreign  online vendors and social networking sites to store Russians’ personal data only in Russia. This  would require the foreign companies, such as Facebook and Twitter, to open offices in Russia in  order to be able to operate there. Originally the law was to take effect in September 2016 but a  bill has been recently submitted to the State Duma proposing that it take effect on 1 January 2015.

App developers asking for privacy rules clarification

Amid fears that health apps in particular represent an increased privacy risk, developers of mobile  phone apps have asked US agencies to clarify its rules for protecting patient health information.  Apps that provide data to doctors and other health care professionals, such as AirStrip, are  particularly concerned about  privacy and security. Morgan Reed, executive director of the App  Association, representing 5,000 mobile app companies, stated that start-ups and large companies  alike, including Apple and Samsung, are looking for clarity on how sensitive health data is to be  stored and shared. This comes as many apps have been criticised for privacy lapses.