Data Protection News Roundup – 28th April 2020

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.


Coronavirus Response

The NHS has begun testing its app designed to trace the spread of the coronavirus outbreak. The app is expected to be available in a “matter of weeks”. On the matter of privacy NHSX Chief Executive said “we have prioritised security and privacy in all stages of the app’s development, starting with the initial design, and user testing… as part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can ‘look under the bonnet’ and help us ensure the security is absolutely world class.” Read more here.

In response to the NHS app the ICO released a statement saying that it has been working with NHSX to help them ensure a high level of transparency and governance. Read more here.


Data Breaches

Robert Dyas has been the subject of a card-skimming operation where malware was discovered on the company’s website. The card-skimming malware was operational for 23 days between 7th March and 30th March. Read more here.

According to a Sky news report, hackers accessed the University of Warwick’s administrative network in 2019 in an attack which it kept secret from the affected individuals and organisations. The security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in research studies. Read more here.

Nintendo has announced that its account system has suffered a privacy breach affecting up to 160,000 people. Its statement said that there is currently no evidence pointing towards a breach of Nintendo’s databases, servers or services suggesting that the data was obtained elsewhere. Read more here.

Millions of records belonging to users of fitness technology app, Kinomap, were exposed online for almost a month due to a misconfigured database. The 42 million exposed records affected the platform’s entire user base. Read more here.

The Covid-19 alert app developed in the Netherlands has suffered a data breach after its source code was published online for the purpose of government shortlisting. The breach resulted in around 200 names, email addresses and hashed user passwords from another project being exposed. Read more here.


Other News

The Supreme Court has made a landmark judgement that the previous Home Secretary Sajid Javid breached UK data protection laws when he shared witness statements to assist US law enforcement in terrorist investigations without assurances the death penalty would not be used. This is the first time the UK Data Protection Act has been directly considered by the Supreme Court. Read more here.

Privacy-focused web browser, Brave, has made a complaint to the European Commission that governments across Europe have failed to give data protection agencies “the human and financial resources necessary to perform their tasks” leaving them “toothless”. Brave’s chief policy office said “if the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities”. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.