ICO warns that big data must abide by data protection principles

Its new report, Big Data and Data Protection, sets out how the law applies when big data uses personal information, and emphasises the importance of organisations acting as “responsible custodians of data”. Businesses will be expected to process data fairly and transparently when undertaking big data initiatives, and to take into consideration any potential data protection compliance issues at the outset. Organisations acquiring personal information from third parties for use in such initiatives will be classed as data controllers and should therefore practise increased due diligence.

Home devices easy to hack

HP’s Fortify security division has reviewed ten types of internet-connected device commonly used in homes and found them easy to hack, with eight out of the ten requiring only simple log-ins such as “1234”. The majority of the products also failed to use encryption when downloading updates, leaving them vulnerable to hackers. The products reviewed included devices such as a smart TV, a door lock, a remote power outlet and a garage door mechanism. An additional concern is that such devices also record personal information including name, address, date of birth and even credit card numbers.

Google criticised for handling of “right to privacy” ruling

Google has come under attack from European Union privacy watchdogs for the way it has handled requests from European citizens to remove links to information deemed inadequate, irrelevant or excessive. The search engine has only removed such results from its European websites, meaning the information can still be accessed via google.com. European regulators have not yet decided whether or not to force search engines to eradicate results globally when individuals invoke their “right to be forgotten”. A new House of Lords committee report has criticised the EU’s ruling on the right to be forgotten as “unworkable, unreasonable, and wrong in principle.”

Privacy laws to prevent cancer research

The European Society for Medical Oncology (ESMO) is the latest in a string of scientific bodies to express concern over the proposed EU General Data Protection Regulation. If the changes come into effect, the ESMO has warned, they will create a “nearly impossible administrative burden” for cancer research projects and severely hinder their progression. As a solution, the ESMO has proposed a “one-time consent” for personal data used for research, with the option for participants to withdraw their consent at any time.

Apple sued over location tracking service

A US class action lawsuit has been filed by a woman named Chen Ma after a Chinese broadcaster raised concerns over the effect of the “Frequent Locations” feature in iOS7 on security. The CCTV report maintained the technology could be used to spy on users. Chen Ma alleges Apple has “intentionally intruded” into her privacy, along with disclosing the data to third parties including the US government.

Obama to use executive authority to regulate drone use

President Obama is intending to use his executive authority to instruct the National Telecommunications and Information Administration (NTIA) to draft privacy guidelines covering the use of commercial drones. Commercial drones are legal under FAA rules but recently there has been pressure from companies such as Amazon to relax regulations. The NTIA plans to involve both businesses and consumer groups to help create some draft rules.

Tor: the beginning of the end?

The Russian Ministry of Internal Affairs has offered RUB 3.9 million (USD 11,000) for technology capable of identifying users of Tor, a network which allows users to surf the “dark net” in anonymity. The competition is solely for Russian citizens and companies but comes just after researchers Alexander Volynkin and Michael McCord from Carnegie Mellon University unexpectedly cancelled a lecture entitled “You Don’t Have to be the NSA to Break Tor: Deanonymising Users on a Budget”, leading to speculation that the network’s anonymity could be in danger. Moreover, a recently disclosed attack on the network may have unmasked users’ identities for up to five months, according to developers of the software; the attack has been attributed to Volynkin and McCord.

Chinese reportedly hack Canadian National Research Council

The Canadian government has reported that a “Chinese state-sponsored actor” has breached the IT infrastructure of the National Research Council, a top Canadian government research organisation. The intrusion was confirmed by a Canadian spy agency but the Chinese embassy in Ottawa dismissed the report as a “groundless allegation.” The Council’s computers have been isolated from the government system, although no other government agencies are believed to have been affected.