Here’s a round-up of interesting reading we found online today*:
EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details "accessed."
Verizon's data breach report highlights how unsecured cloud storage opens door to attacks. Anecdotally, it has been clear for a while that enterprises are often leaving cloud storage repositories open due to oversight or error. Now Verizon's security research shows that the "error" category is on the rise due to better reporting.
Review of CFAA May Impact Analysis in Data Breach Notification Obligations. For the first time, the U.S. Supreme Court has agreed to review the Computer Fraud and Abuse Act (CFAA). A federal circuit split exists on the issue of whether the statute can only be used against hackers and unauthorized users of electronic systems, or also against authorized users who use the information for unauthorized purposes. In the context of data breaches, companies sometimes look to interpretations of the meaning of “authorization” in CFAA cases to analyze whether notification obligations may exist.
UK businesses are spending £1.59 million and 24 person-years annually on processing data subject access requests in compliance with Article 15 of GDPR, according to a new study commissioned by privacy specialist Guardum. Data Subject Access Requests (DSARs) require data controllers to provide data subjects with a copy of their personal data within 30 days or risk a fine of €20 million or four percent of turnover.
Data protection officers (DPOs) are feeling the pressure of the pandemic and are struggling to keep up with compliance obligations during lockdown, research seen by Verdict shows. DPOs also worry that the layoffs made because of the pandemic’s economic fallout will cause a spike in Data Subject Access Requests (DSARs), which are often a precursor to workplace disputes.
Germany's data chief tells ministries WhatsApp is a no-go. Germany's data privacy chief has told federal bodies not to use WhatsApp, amid concerns that it feeds Facebook with data. Ulrich Kelber said it appeared that the government has failed to establish enough safe services.
The European Data Protection Board, the EU’s umbrella organisation overseeing the application of EU data protection rules across the bloc, has voiced its concern over the suspension of EU data protection rights in Hungary.
Microsoft demands Berlin data protection officers take back privacy warnings about Skype and Teams. The Berlin data commissioner has posted warnings that when using Skype and Microsoft Teams, others may be able to listen in to the conversation, and Microsoft is not happy.
Equifax, Inc. has agreed to a proposed settlement with a subclass of financial institutions to resolve allegations that it failed to protect the personal data of over 140 million Americans from cyberattack, according to an unopposed motion for preliminary approval filed in the Northern District of Georgia.
*These sites aren’t affiliated with GDPR Community and these aren’t advertisements; they’re simply sites we’ve thought the community might have an interest in reading.