Labour Party "in breach of UK privacy law"

People who joined the UK's Labour Party to vote in its upcoming leadership election were forced to sign up to marketing communications in breach of privacy laws passed by the party when it was in power, according to a data protection blogger. Writing in his 2040 Information law blog this week, Tim Turner said that under the Privacy and Electronic Communication Regulations 2003 (PECR), it was unlawful to require agreement to receive marketing emails and texts as a condition of signing up, even if members were later offered the chance to unsubscribe from communications sent by the individual candidates. He said: "Labour is arrogantly and cynically ignoring legislation that it passed when in government in order to hassle its most active supporters."

Regulator to carry out cyber health-check on UK insurers

UK insurers have been asked to provide information on their cyber-security capabilities as part of a review being carried out by the Prudential Regulation Authority (PRA). The financial watchdog wrote to insurers this week seeking the details together with information on the risk insurers may be exposed to through providing insurance against cyber attacks. The PRA intends to use the data from its survey to gauge the resilience of the UK financial system to cyber attacks.

German data watchdog fines companies over data sale

The Bavarian Data Protection Authority (DPA) has fined two companies involved in an asset sale for arranging to transfer data as part of the transaction. Both the buyer and the seller were ordered to pay undisclosed five-figure sums for breaching German data protection law by failing to seek the consent of customers or informing them of their right to object before transferring email addresses. The DPA also confirmed that the decision, issued late last month, is not appealable.

US Medical records breach spawns two class action law suits

Medical Infomatics Engineering Inc., a company which provides electronic medical records services, is facing two class action suits in the United States. The latest was brought in the Californian Federal Courts last week, alleging among other things that the claimants suffered losses and identity theft following a data breach in May. It follows group litigation brought on behalf of patients in Indiana, who allege the company delayed in notifying the authorities of the data breach. It is thought up to 4 million people may have been affected.

Hackers follow through on threat to leak Ashley Madison data

This week hackers apparently acted on their threat to expose information stolen in a cyber attack on infidelity dating site Ashley Madison. Sensitive personal data belonging to up to 33 million account holders from all over the world – including names, email addresses and sexual preferences – were posted on the dark web in the form of a searchable database. There are reports that some of the leaked email addresses may mask the identity of the account holder, because the site previously did not require members to verify their email addresses.

Chinese court: cookies do not infringe privacy

A Chinese court has ruled that cookies used by the search engine Baidu do not constitute a breach of individual privacy. The case was brought by a woman who claimed she suffered emotional distress after advertising on third-party websites repeatedly targeted her with publicity related to abortion and weight loss, based on information gathered from her browsing history. The Intermediary People's Court in Nanjing said that this information could not be used to identify the user, and consequently it did not represent a breach of privacy, provided the search engine continued to make its privacy policy accessible.

North Korea denies responsibility for hospital systems hack

North Korea denied it was behind a cyber attack on the systems of a university hospital in Seoul, South Korea. Authorities in South Korea said the attack, which was discovered last week, had caused severe disruption but there were no signs that patient records had been stolen. The media reported security officials as saying that the apparent source of the attack was an IP address in North Korea.