ICO warns that big data must abide by data protection principles
The ICO's new report, Big Data and Data Protection, sets out how the law applies when big data uses personal information, and emphasises the importance of organisations acting as “responsible custodians of data”. Businesses will be expected to process data fairly and transparently when undertaking big data initiatives, and to take into consideration any potential data protection compliance issues at the outset. Organisations acquiring personal information from third parties for use in such initiatives will be classed as data controllers and should therefore practise increased due diligence.
Home devices easy to hack
HP’s Fortify security division has reviewed ten types of internet-connected device commonly used in homes and found them easy to hack, with eight out of the ten requiring only simple log-ins such as “1234”. The majority of the products also failed to use encryption when downloading updates, leaving them vulnerable to hackers. The products reviewed included devices such as a smart TV, a door lock, a remote power outlet and a garage door mechanism. An additional concern is that such devices also record personal information including name, address, date of birth and even credit card numbers.
Google criticised for handling of “right to privacy” ruling
Google has come under attack from European Union privacy watchdogs for the way it has handled requests from European citizens to remove links to information deemed inadequate, irrelevant or excessive. The search engine has only removed such results from its European websites, meaning the information can still be accessed via google.com. European regulators have not yet decided whether or not to force search engines to eradicate results globally when individuals invoke their “right to be forgotten”. A new House of Lords committee report has criticised the EU’s ruling on the right to be forgotten as “unworkable, unreasonable, and wrong in principle.”
Privacy laws to prevent cancer research
The European Society for Medical Oncology (ESMO) is the latest in a string of scientific bodies to express concern over the proposed EU General Data Protection Regulation. The ESMO has warned that, if the changes come into effect, they will create a “nearly impossible administrative burden” for cancer research projects and severely hinder their progress. As a solution, the ESMO has proposed a “one-time consent” for personal data used for research, with the option for participants to withdraw their consent at any time.
Apple sued over location tracking service
A US class action lawsuit has been filed by a woman named Chen Ma after a Chinese broadcaster raised concerns over the security implications of the “Frequent Locations” feature in iOS 7. The CCTV report maintained the technology could be used to spy on users. Chen Ma alleges Apple has “intentionally intruded” into her privacy and disclosed the data to third parties including the US government.
Obama to use executive authority to regulate drone use
President Obama intends to use his executive authority to instruct the National Telecommunications and Information Administration (NTIA) to draft privacy guidelines covering the use of commercial drones. Commercial drones are legal under FAA rules, but recently there has been pressure from companies such as Amazon to relax regulations. The NTIA plans to involve both businesses and consumer groups to help create some draft rules.
Tor: the beginning of the end?
The Russian Ministry of Internal Affairs has offered RUB 3.9 million (USD 11,000) for technology capable of identifying users of Tor, a network which allows users to surf the “dark net” in anonymity. The competition is solely for Russian citizens and companies, but it comes just after researchers Alexander Volynkin and Michael McCord from Carnegie Mellon University unexpectedly cancelled a lecture entitled “You Don’t Have to be the NSA to Break Tor: Deanonymising Users on a Budget”, leading to speculation that the network’s anonymity could be in danger. Moreover, a recently disclosed attack on the network may have unmasked users’ identities for up to five months, according to developers of the software; the attack has been attributed to Volynkin and McCord.
Chinese reportedly hack Canadian National Research Council
The Canadian government has reported that a “Chinese state-sponsored actor” has breached the IT infrastructure of the National Research Council, a top Canadian government research organisation. The intrusion was confirmed by a Canadian spy agency but the Chinese embassy in Ottawa dismissed the report as a “groundless allegation.” The Council’s computers have been isolated from the government system, although no other government agencies are believed to have been affected.