UK insurers say cyber threat is "biggest concern"

Cyber crime is the greatest threat to the UK insurance industry, according to a survey published last week. The annual Banana Skins survey is conducted by PwC and the Centre for the Study of Financial Innovation. A spokesman for PwC explained that insurers' cyber-security fears may be driven by the lack of data available to assess the risk faced by their clients, as well as more immediate concerns over falling victim to hackers.

Information Commissioner investigating 60 nuisance call companies

The UK's Information Commissioner (ICO) is investigating an unprecedented number of companies suspected of making nuisance calls and sending unwanted text messages, it was revealed last week. It follows a recent change in the law under which complainants no longer need to show they have suffered "substantial damage or distress". In the year preceding the change, only six companies were fined for the practice, despite evidence from a Parliamentary Select Committee that up to a billion such calls and texts are made in the UK every year. Since April, the ICO has told three companies they face fines of up to £850,000 for contacting people who have opted out of direct marketing.

Cyber security bill could "sweep away" privacy protections

Cyber security legislation currently making its way through the Senate could pose a threat to privacy, the Department for Homeland Security (DHS) said this week. The Cybersecurity Information Sharing Act (CISA) requires organisations to share cyberthreat data with public agencies. In return they will not face prosecution under privacy and data protection laws should they disclose any personal data. In a letter to a senator who opposes CISA, DHS deputy secretary Alejandro Majorkas objected to the lack of definition of the term "cyberthreat" in the bill. He said that CISA risked "sweeping away important privacy protections and civil liberties".

Windows 10 under fire

Microsoft's new operating system, Windows 10, is facing criticism from users who are unhappy about its use of personal data. Just days after its recent launch, Microsoft received complaints about embedded personalised advertising, which traces the browsing habits of users, and the personal assistant app Cortana, which harvests information such as device location and contacts. It is possible to opt out of these default settings. However, one user quoted in the Guardian newspaper last week said that the company was not making clear to customers the extent of data collection and sharing being conducted.

Google refuses to extend right to be forgotten

Google last week rejected demands from the French privacy watchdog (CNIL) to apply the Right to be forgotten globally. In a blog post, the company's privacy counsel said it would not comply on the basis that the European law deriving from a 2014 European Court ruling (in Google Spain SL v Agencia Espanola de Proteccion de Datos (C-131/12)) did not apply globally. Peter Fleischer called CNIL's request "a troubling development that risks serious chilling effects on the web".

New Irish postcode system raises privacy concerns

Eirecode, a new system of postal codes rolled out across Ireland recently raises significant privacy concerns, experts say. During a privacy assessment of the use of a unique seven-digit reference for each household, experts warned it could mean that personal information could be disclosed to organisations which have not previously had access to it. The Minister for Communications accepted a recommendation that the codes should be treated as sensitive personal data, however the legal status of the codes was not made clear to the public before their launch last month.

Irish Data Commissioner's report released

The Irish Data Protection Commissioner released its 2014 report this week. The report draws attention to the increase in investigations into the activities of private investigators in the insurance sector. It also notes a record number of inquiries due to high public awareness of data protection issues, and a record number of data breach notifications (2,264).