Data Protection News Roundup – 24th November 2020

The Data Guardians’ Managing Director and lead consultant Matthew Lamb is a Certified Data Protection Officer and Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance as well as addressing your Cyber Security issues.



British firms face a bill of up to £1.6 billion if Boris Johnson’s government fails to convince the EU to grant an adequacy decision allowing dataflows to continue, according to a new report published on Monday (23 November). Find the report here.


Data Breaches

Manchester United has been hit by a cyber attack as hackers targeted the club’s IT systems. In a statement, they said “The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption.” Read more here.

The identities of hundreds of families with disabled children have been accidently shared with other parents by Bristol City Council, in a “fundamental breach of trust and data”. The Council sent an email asking for views on a new support service to hundreds of people. The names of all the children and the email addresses of their primary carers were viewable to all recipients. Read more here.

Security researchers recently discovered a massive misconfigured Elasticsearch database that was being used by fraudsters to gain access to the accounts of up to 350,000 Spotify accounts by using login credentials stolen in other data breaches. Read more here.


Other News

According to research by asset disposal service DSA Connect, 26% of those furloughed or made redundant have had to give back electronic devices to work. In 50% of cases these had information such as bank and credit card details, personal passwords, and photos on them. In order to protect personal data, employers should be looking to clean these devices professionally, ensuring all data is wiped from them. Read more here.

The ICO has issued new guidance setting out key considerations when reviewing privacy notices at the end of the Brexit transition period. Whilst the substantive information in existing privacy notices is likely to stay the same, businesses will need to be pro-active in ensuring that their notices are compliant with both the GDPR and UK data protection legislation at the end of the transition period. Read more here.

The Irish arm of WhatsApp has set aside $91.8 million for possible administrative fines arising from long-standing investigations by Ireland’s data regulator into the way the messaging platform shares data with Facebook. Read more here.

The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself. “We served the warrant on Cambridge Analytica at 11 o’clock at night,” she added. “When we heard that Facebook was going in on its own to audit Cambridge Analytica, we had to act very quickly to get their tanks off our lawn. It was inappropriate for Facebook, because they were involved in the misuse of data, for them to be auditing before a public authority got in there.” Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.