October is Cyber Security Month

Both the EU and the US have designated October as Cyber Security Month. Administered by the  Department of Homeland Security in the US and ENISA in the EU, both organisations have chosen this  year’s theme to be “Our Shared Responsibility”. The aim of Cyber Security Month is to promote cyber  security among citizens, to change their perception of cyber-threats and to provide up to date  security information, through education and sharing good practices.

ICO continues clampdown on nuisance calls

The Information Commissioner’s Office (ICO) issued a GBP 70,000 fine to EMC Advisory Services  Limited, a Devon marketing firm, responsible for hundreds of nuisance calls. 630 complaints to the  ICO were lodged against the company who used third-party companies to make calls on their behalf  but failed to make sure that people, who had previously asked not to be contacted, weren’t being  called. This latest fine takes the value of the penalties served by the ICO on companies making  live nuisance calls to over GBP 500,000.

NHS data to be gathered despite privacy concerns

Health officials will launch a pilot scheme involving 265 GP surgeries and 1.7 million patients  where confidential medical information (including date of birth, NHS number and postcode, but not  the patient name) will be stored on a central database. NHS England consider that the data will  enable researchers to monitor illnesses and their causes, as well as identifying instances of poor  care. The scheme has been delayed due to opposition from senior MPs and privacy campaigners.  Although the NHS has insisted that safeguards will ensure that the data is kept securely, experts  say these safeguards are unclear and remain concerned with the NHS’s poor track record with patient  data.

Google handed guidelines on EU data privacy

European data privacy regulators handed Google a package of guidelines to aid the search engine to  bring the way it gathers and stores user data in line with EU law, following investigations being  opened by six European regulators. The information, sent by the Article 29 Working Party, a group  of European data protection authorities, includes a list of measures which should be implemented by  Google. Measures include spelling out clearly the purposes for which it collects user data and how  third party entities would be able to collect people’s information.

76 million households affected in JPMorgan Data Breach

It has been revealed that hackers in the cyber-attack on JPMorgan Chase, discovered in August,  targeted 90 servers across the bank’s computer network and managed to access personal data for more  than 83 million customers, including 76 million households and 7 million small-businesses. The  bank, however, will not personally alert the individuals affected. It is reported that the hackers  targeted personal data about customers, rather than financial or account information, and so far  there have been no reports of fraudulent use of customers’ data. The same hackers have reportedly  also targeted nine, as yet unnamed, financial institutions; their goal remains unclear.

Home Depot hit with multiple lawsuits

At least 4 lawsuits have already been filed against Home Depot across the US and Canada following  its data breach announced in September. One of the claims lodged is a class action lawsuit filed in  California on behalf of all customers whose personal information was compromised. The lawsuits  include allegations that Home Depot failed to take reasonable security measures to adequately  protect its customers’ personal data and that the retailer failed to notify customers in a timely manner about the data breach.