Extensive criminal prosecutions under UK’s Data Protection Act revealed
The CPS have confirmed that 714 offences under the Data Protection Act were charged in 2008-2013, of which 654 were for the offence of unlawfully obtaining/disclosing data. The information from the CPS showed that since 2010 there has been a notable decrease in prosecutions, with just 96 in 2013. However, recent years have seen a notable step-up in enforcement from the Information Commissioner’s Office.
European data protection regulators review the Internet of Things
The Article 29 Working Party, a European data protection advisory body, has issued an opinion on the Internet of Things, focussed on wearable technology, eHealth technologies and home automation technologies. Any equipment located in an EU country must comply with European data protection law and so providers of such technologies sold to users located in the EU will need to ensure compliance. The opinion highlights several areas of concern including the lack of control of data between objects and the limitations on the possibility to remain anonymous.
The Italian Data Protection Authority releases first half 2014 results
Results released by the Italian Data Protection Authority (Garante) reveal there have already been 196 inspections, 299 proceedings commenced and approximately EUR 2.5 million issued in fines in the first half of 2014. For the second half of 2014, the Garante has stated that it intends to expand its focus to data processing across a wide range of fields, including medicine, banking and the provision of free public Wi-Fi.
Yelp, a consumer review website, has agreed to settle a fine with the US Federal Trade Commission for its collection of personal information of children in violation of the Children’s Online Privacy Protection Act (COPPA). The violations stem from Yelp’s introduction of its apps in 2009, which allowed anyone to sign up and get full access regardless of age. As well as the USD 450,000 penalty, the settlement requires Yelp to comply with COPPA in the future, and mandates a report to the FTC in a year describing what the company is doing to comply.
50 US government contractors’ systems hacked in under a year
A recent study has found that hackers successfully breached systems run by companies doing contract work for the US Transportation Command (TRANSCOM) at least 50 times between June 2012 and May 2013, in one case gaining access to systems on board an American commercial ship. TRANSCOM were made aware of just 2 of these breaches, a “troubling finding” according to the report.
Fraudulent transactions in wake of Home Depot Breach
Attempts to use card information stolen in Home Depot’s data breach have already been observed. Financial institutions have reported that they have seen attempts to empty customers’ accounts and have pledged to step up efforts to block the transactions, with several banks starting to replace all cards potentially affected. Home Depot reported that the cyber-attack is estimated to have put approximately 56 million unique payment cards at risk and has guaranteed customers that they will not be liable for any fraudulent charges.
Brazilian regulators follow up on telecom giant Oi’s USD 1.59 million fine
Brazilian regulators are monitoring whether business practices are following the data protection law, after they issued a USD 1.59 million fine to Oi, Brazil’s largest telecommunications company, earlier this year. Oi’s violations related to the company’s partnership with Phorm, a UK-based online advertising company. The two companies developed software to track consumers’ internet practices, generated profiles based on the browsing habits and then sold them to other advertising firms.