ABC's of Privacy This Week - April 29, 2020

Applause

• EDPB adopts COVID-19 guidance on health data processing and Geo-location

According to recent reports, the European Data Protection Board has released guidelines on health data processing for research purposes and using Geo-location and other tracking mechanisms to combat COVID-19.The guidelines address the legal basis for processing, cross-border data transfers, safeguards for data subject rights, and more. With the Geo-location and tracking guidance, the EDPB has clearly stated the acceptable purposes for using location data or contact tracing while urging considerations for the effectiveness, necessity, and proportionality principles.

For more info: https://edpb.europa.eu/news/news/2020/european-data-protection-board-twenty-third-plenary-session-edpb-adopts-further-covid_en

• OAIC offers a toolkit for Privacy Awareness Week

The office of the Australian Information Commissioner has developed a toolkit that organizations can use to show their unabashed support for privacy during the Privacy Awareness Week, taking place from the 4th of May 2020 to the 10th of May 2020.The toolkit includes downloads for social media and email signatures, as well as internal communications employers can share about PAW. This year’s theme is “Reboot your privacy.”

For more info: https://iapp.org/media/pdf/resource_center/paw_2020_supporter_toolkit.pdf

• App developer, treatment centers websites comply with DAA best practices

The Digital Advertising Accountability Program has reportedly brought app developer Mammoth Media and the Recovery Centers of America into full compliance with the Digital Advertising Alliance’sAlliance’s best practices for privacy and interest-based advertising.

Mammoth has substantially modified its app and privacy policy to comply with DAA Principles, including a link to opt-out of personal advertising on mobile apps.Mammoth has since updated its website with information about third-party data collection for interest-based advertising.

For more info: https://bbbprograms.org/media/details/privacy-group-brings-app-publisher-and-website-of-health-treatment-centers-into-compliance-with-best-practices

Data Breaches

• Nintendo reports unauthorized login affecting 160K users

Nintendo, a popular video game company, in a post on their website, said an impersonation of its “Nintendo Network ID” resulted in “an illegal login” to approximately 160,000 Nintendo accounts.

The company revealed that superusers’ nickname, birth date, country/region, and email address might have been viewed by a third-party. Nintendo stopped login abilities through the Nintendo Network ID and reset passwords for NNID; they also informed that accounts that may have been affected.

For more info: https://www.nintendo.co.jp/support/information/2020/0424.html

• Data breach may have exposed emergency loan Applicants’ personal information

According to the Washington Post, a data breach may have exposed the personal information of nearly 8,000 U.S. Small Business Administration emergency loan applicants to other applicants.The breach was discovered on the 25th of March 2020 and has reportedly lasted for an unknown amount of time. Affected personal information may include names, Social Security numbers, addresses, birthdates, and email addresses.

For more info: https://www.washingtonpost.com/business/2020/04/21/sba-data-loan-small-business/

Current News

• Settlement over Banner Health 2016 data breach approved for $8.9 million

According to Health IT Security, the non-profit health system Banner Health is expected to improve its information security program and pay up to $8.9 million to the 3.7 million patients impacted by a June 2016 data breach that occurred within its system.

A U.S. District Court of Arizona federal judge has approved a class-action lawsuit settlement with the said requirements. In the breach reported, hackers had accessed patient Social Security numbers, as well as health insurance and claims data.

For more info: https://healthitsecurity.com/news/judge-approves-8.9m-banner-health-settlement-over-2016-data-breach

• Zoom bolsters security with data center routing

ZDNet reports, Zoom, the teleconference app, announced the addition of data center routing further to protect user calls and accounts from data breaches. With the new routing, Zoom aims to increase ‘users’ trust that chats and encryption keys have not been hacked.Despite eclipsing 300 million users, companies worldwide continue to ban the use of the app, including recent abandonment by companies in both Germany and Sweden.

For more info: https://www.zdnet.com/article/zoom-adds-data-center-routing-security-updates/

‍