The Government has issued The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 to ensure that the UK data protection legal framework continues to function correctly after Brexit. It will ensure the continuation of data protection law in the event of a no-deal Brexit. Read it here.
Lord Goodlad tabled a question on the outcome of negotiations with the EU about the relationship between the ICO and the European Data Protection Board after the UK leaves the EU. Lord Ashton of Hyde responded on behalf of the government and said the White Paper ‘The Future Relationship Between the United Kingdom and the European Union’ sets out the future relationship. Read more here.
Who’s getting it wrong?
A hacker has stolen the personal data of 7.6 million users of the browser-based game the ‘Town of Salem’ by BlankMediaGames. The hack came to light after someone sent a copy of the stolen data to DeHashed, a commercial data breach indexing service, who then contacted the game maker to alert them of the hack and their compromised server. Read more here.
Singapore Airlines has suffered a data breach affecting 285 customers including seven whose passport details were exposed. The cause of the breach is being reported as a software bug which occurred when changes were made to its website. The vulnerability was fixed around ten hours after it first occurred and it is thought that no details were accessed. Read more here.
Marriott International has revised its initial disclosure that 500 million people were affected in its November 2018 data breach down to 383 million. Read more here.
The ICO has opened an investigation into potential excessive use of victims’ personal information in cases of rape and serious sexual assault, after receiving numerous complaints. Deputy Commissioner James Dipple-Johnson said the case was very complex: “We will be working closely with police forces, prosecuting authorities, victims and their representatives and other stakeholders across the UK to ensure that we consider all the facts. Our focus is to understand whether the law is being followed, to provide clarity and offer advice on any improvements that need to be made,”he said. The ICO will be reporting on its findings soon. Read more here.
The ICO has begun formal enforcement action against care homes that have failed to pay the data protection fee. The data protection regulator has sent notices of its intent to fine the businesses unless they pay, and those that don’t could face a maximum fine of £600. Read more here.
Washington DC’s top prosecutor is suing Facebook in the first significant US move to punish the firm for its role in the Cambridge Analytica scandal. District of Columbia Attorney General Karl Racine’s lawsuit accuses Facebook of allowing the wholesale scraping of personal data on tens of millions of users. Read more here.
In Germany, sensitive data belonging to hundreds of German politicians, celebrities and public figures has been published online via a Twitter account. The data included personal phone numbers and addresses, internal party documents, credit card details and private chats. A government spokeswoman has said the leaks affect politicians of all levels including those in the European, national and regional parliaments and that they are taking the incident very seriously. Read more here.