Data Protection News Roundup – 25th May 2021

The Data Guardians’ Managing Director and lead consultant Matthew Lamb is a Certified Data Protection Officer and Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance as well as addressing your Cyber Security issues.


Data Breaches

Air India has revealed that personal information from an estimated 4.5 million passengers was leaked in a cyber-attack. The carrier said in a statement that the cybersecurity attack affected its data processor, SITA PSS, and that the breach involved personal data from passengers who registered with Air India between August 26, 2011, and February 3, 2021. Read more here.


Other News

The ICO has fined American Express £90,000 for sending more than four million marketing emails to customers who did not want to receive them. The ICO began investigating when it received complaints from customers who were getting marketing emails despite having opted out from them. Read more here.

The ICO has fined a company £8,000 for sending direct marketing emails to people who provided their personal data for contact tracing purposes. The company sent nearly 84,000 nuisance emails at the height of the Covid-19 pandemic between September and November last year. Read more here.

Research by Egress has revealed that 90% of security leaders are concerned about group legal settlements following a serious data breach, compared to 85% who are worried about regulatory fines. The research also found that 47% of consumers would likely join a class-action lawsuit against an organisation that had leaked their data. Read more here.

Millions of people in the UK were ‘unwittingly tracked’ via their mobile phones as Government scientists gathered data on coronavirus vaccines. One in ten Brits’ data was tracked in February, in an effort to see if vaccinated peoples’ movements changed after their jabs. Read more here.

MEPs have urged the European Commission to revise its draft decision to provide data adequacy to the UK to ensure that citizens in the EU have greater privacy rights. The vote follows opinions from the European Data Protection Board that call for the UK to clarify its position on laws that allow government agencies to collect bulk data, such as phone and internet use. Read more here.

British businesses are being warned that they should urgently consider appointing an EU-based data protection representative, following a decision by the Dutch data protection authority in which a Canadian company that processes the data of EU citizens has been fined for failing to appoint an EU representative which they said is a violation of the GDPR. Read more here.

Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.