26/05/20 GDPR Community Round-Up

Here’s a round-up of interesting reading we found online today*;

• Historical Institutional Abuse: Brendan McAllister 'will not resign' over a data breach. Northern Ireland's interim victims advocate has said he will not resign despite a lawyer for abuse victims saying there was no longer trust in him following a data breach.

• An apology from Northern Ireland abuse victims' advocate Brendan McAllister for a serious data breach at his office does not go far enough, it has been claimed. While other victims have said they retain their confidence in Mr McAllister, who said he won't be standing down, Margaret McGuckin from the Survivors of Institutional Abuse (Savia) group said he must go further than saying sorry.

• Interesting read, "Top Ten: Things Learned from Two Years of GDPR".

• GDPR at Two: Critics Slam Patchy Enforcement, Sluggish Investigations. 24 months after the law was introduced on May 25, 2018, critics say enforcement is deeply patchy, with Ireland’s Data Protection Commission (DPC) — the authority that supervises many US tech giants’ EU operations — yet to issue a single GDPR fine against the private sector.

• UK businesses reported 2,629 security incidents to ICO in Q4. The Information Commissioner's Office has reported a 19% dip in the number of reported security incidents during Q4 2019-20 compared to the same period last year. UK Data Breach Reports Decline. As GDPR Hits Second Anniversary, Regional Reporting Variations Continue.

• News from the Guardian, "The PM told Australians in April the contact tracing app was key to getting back to normal but just one person has been identified using its data. How did the Covidsafe app go from being vital to almost irrelevant?"

• Europe's landmark privacy rules must be overhauled to ensure proper enforcement and protection of people's rights, Johannes Caspar, a leading German regulator, said ahead of the law's two-year anniversary. Failure to enforce the rules against big companies and a lack of cooperation between regulators have fundamentally undermined the GDPR, the head of Hamburg's data protection authority told POLITICO. "I'm completely critical of the enforcement structure of the GDPR," said Caspar, whose office is in charge of overseeing the German activities of several Silicon Valley firms. "The whole system doesn't work."

• Privacy activist Max Schrems called on the European authorities to push the Irish regulator to speed up it's handling of cases he has brought against Facebook on the second anniversary of the introduction of rules designed to help protect the data of consumers. Schrems, long a thorn in the side of Facebook, bemoaned the lack of progress since the introduction of the GDPR in 2018.

• Update from Advanced Info Service (AIS), the top mobile operator by subscriber numbers, has insisted no personal information from customers was leaked during a scheduled test earlier this month -- only non-critical information was exposed online as reported by foreign media. The website techcrunch.com broke a story on Monday about AIS's database of 8 billion internet records that were left open on the internet without a password earlier this month. The website indicated the database was later secured following an alert to Thai authorities.

• Crypto hardware wallet maker Trezor has squashed the recent claims of their users’ leaked data, calling it a hoax. A hacker recently claimed to have stolen personal data of the users of three major hardware wallets – Ledger, Trezor, and Shapeshift’s KeepKey.

• Quidd, an online marketplace for trading stickers, cards, toys, and other collectables, has suffered a data breach and the details of 4 million users have been exposed.

• ICC has today launched the ICC AOKpass Declaration on COVID-19 Health Data Protection. Launched on GDPR Day – in celebration of the landmark data privacy protection laws in the European Union – the Declaration signals a bold vision for a post-COVID-19 world, working together for recovery, prosperity and the upholding of health data protection as a basic human right.

• China is poised to enshrine individuals’ rights to privacy and personal data for the first time, a symbolic first step as more of the country of 1.4 billion people becomes digitised - and more vulnerable to leaks and hacks.

• Samsung Elevates Data Protection for Mobile Devices with New Security Chip Solution. The new EAL 6+ certified-SE chip and dedicated software is a standalone security solution for mobile devices and other applications.

• Data Protection In Nigeria - The Role Of A Data Protection Compliance Organisation.

*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.