October is Cyber Security Month
Both the EU and the US have designated October as Cyber Security Month. Administered by the Department of Homeland Security in the US and ENISA in the EU, both organisations have chosen this year’s theme to be “Our Shared Responsibility”. The aim of Cyber Security Month is to promote cyber security among citizens, to change their perception of cyber-threats and to provide up to date security information, through education and sharing good practices.
ICO continues clampdown on nuisance calls
The Information Commissioner’s Office (ICO) issued a GBP 70,000 fine to EMC Advisory Services Limited, a Devon marketing firm, responsible for hundreds of nuisance calls. 630 complaints to the ICO were lodged against the company who used third-party companies to make calls on their behalf but failed to make sure that people, who had previously asked not to be contacted, weren’t being called. This latest fine takes the value of the penalties served by the ICO on companies making live nuisance calls to over GBP 500,000.
NHS data to be gathered despite privacy concerns
Health officials will launch a pilot scheme involving 265 GP surgeries and 1.7 million patients where confidential medical information (including date of birth, NHS number and postcode, but not the patient name) will be stored on a central database. NHS England consider that the data will enable researchers to monitor illnesses and their causes, as well as identifying instances of poor care. The scheme has been delayed due to opposition from senior MPs and privacy campaigners. Although the NHS has insisted that safeguards will ensure that the data is kept securely, experts say these safeguards are unclear and remain concerned with the NHS’s poor track record with patient data.
Google handed guidelines on EU data privacy
European data privacy regulators handed Google a package of guidelines to aid the search engine to bring the way it gathers and stores user data in line with EU law, following investigations being opened by six European regulators. The information, sent by the Article 29 Working Party, a group of European data protection authorities, includes a list of measures which should be implemented by Google. Measures include spelling out clearly the purposes for which it collects user data and how third party entities would be able to collect people’s information.
76 million households affected in JPMorgan Data Breach
It has been revealed that hackers in the cyber-attack on JPMorgan Chase, discovered in August, targeted 90 servers across the bank’s computer network and managed to access personal data for more than 83 million customers, including 76 million households and 7 million small-businesses. The bank, however, will not personally alert the individuals affected. It is reported that the hackers targeted personal data about customers, rather than financial or account information, and so far there have been no reports of fraudulent use of customers’ data. The same hackers have reportedly also targeted nine, as yet unnamed, financial institutions; their goal remains unclear.
Home Depot hit with multiple lawsuits
At least 4 lawsuits have already been filed against Home Depot across the US and Canada following its data breach announced in September. One of the claims lodged is a class action lawsuit filed in California on behalf of all customers whose personal information was compromised. The lawsuits include allegations that Home Depot failed to take reasonable security measures to adequately protect its customers’ personal data and that the retailer failed to notify customers in a timely manner about the data breach.