The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner.
Who’s getting it wrong?
Yesterday the ICO announced its intention to fine British Airways £183.39M for infringements of the GDPR. The proposed fine relates to a cyber incident where traffic to the British Airways website was being diverted to a fraudulent site through which customer details were harvested by cyber attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018. The ICO’s investigation found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well as name and address information.
The ICO is investigating the Chinese video sharing app TikTok for how it collects and uses children’s data. Earlier this year the US Federal Trade Commission fined TikTok $5.7m for illegally collecting children’s personal information and failing to notify parents that it gathered and used the personal data of users under the age of 13.
Security firm Symantec says deepfaked audio is being used to steal millions of pounds. The firm says it has seen three cases of seemingly deepfaked audio of different chief executives used to trick senior financial controllers into transferring cash.
Facebook’s method of transferring data from the EU to the US for business purposes is to be challenged in court. Currently, the social network transfers vast amounts of personal data about EU users to servers in the US – everything from people’s names to information about their activity online. The concern is such transfers could be subject to mass surveillance by US intelligence agencies.
The Information Commissioner Elizabeth Denham has written a blog post outlining how data protection law applies to live facial recognition technology. She says that any organisation using software that can recognise a face amongst a crowd then scan large databases of people to check for a match in a matter of seconds, is processing personal data. Her blog is likely in response to South Wales Police and the Met Police’s use of live facial recognition in public spaces to identify individuals at risk or those linked to criminal activity.