The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.
A cross-party committee of MPs has published a report urging the age at which children can legally consent to having their personal data processed to be raised from 13 to 16. The committee said it was “completely inappropriate” to use consent when it comes to processing children’s data, when many adults struggle to understand complex consent agreements. Read more here.
An independent ethical advice group has raised concerns about the Home Office’s £842m Biometrics programme, which will store millions of people’s highly sensitive biometric data including DNA, fingerprints and faces, due to go live next year. Read more here.
Michel Barnier, chief Brexit negotiator at the European Commission, has said that collaboration between the UK and EU in the post-Brexit era will be essential for cyber security. He said “our new partnership should include the exchange of information on cyber incidents, attackers’ techniques, threat analysis and best practice, including when those target the correct functioning of democratic systems”. Barnier said. “Crucially, we need to have capacity to respond jointly to such attacks.” Read more here.
The Labour Party says it experienced a ‘sophisticated and large-scale cyber attack’ by hackers on its digital platforms. The attack has been reported to the National Cyber Security Centre but a Party spokeswoman said the attack ‘failed’ because of their robust security systems. Read more here.
Who’s getting it wrong?
According to a Freedom of Information request one UK police staffer is disciplined every three days for breaking data protection rules or otherwise misusing IT systems. In the last two years, 237 officers and admin staff have been disciplined for a variety of offences including taking pictures of screens showing police databases and sharing them online, accessing data relating to civil cases that staff were involved in, and misusing social media. Read more here.
Cyber-security company Trend Micro says the personal data of thousands of its customers has been exposed by a rogue member of staff. The company says an employee sold information from its customer support database, including names and phone numbers, to a third party. It believes 70,000 of its 12 million customers have been affected. Read more here.
The University of Hertfordshire’s Creative Arts school accidently shared the personal details of about 2,000 students in an email promoting a lecture. The email included an attachment with the recipients’ names and email addresses. Read more here.
According to the 2019 Mid-Year QuickView Data Breach Report, the first half of 2019 saw 3,813 data breaches involving 4.1 billion records. The majority of those records — 3.2 billion, or nearly 75% — were exposed in just eight mega-breaches. Email data was exposed in 70% of the breaches, and passwords in another 65%. Read more here.
Morrisons has told the Supreme Court in London that it is not liable for a data breach back in 2014 where a disgruntled employee obtained the names, addresses, bank account details and salaries of 100,000 employees and posted them online. Morrisons is seeking to overturn a Court of Appeal ruling in 2018 that supported a lawsuit of 5,518 current and former employees. Read more here.
Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.