Protecto
February 5, 2020
Welcome to our weekly privacy newsletter to read the latest privacy-related news from across the globe. We classify our weekly privacy newsletter into three parts namely Applause, Breaches and Current News (ABC's) of Privacy news. For any feedback on our weekly newsletter, please feel free to send your comments to social@oneDPO.com.
Indonesian President Joko Widodo hassubmitted a draft data protection law to the country's House of Representatives.The bill includes the types of personal data it covers, data rights, theobligations and responsibilities of data controllers and processors, datatransfers, and requirements for data protection officers. The legislation isset to cover citizens both within Indonesia and those who are abroad.
State Rep. Shannon Zimmerman proposed the Wisconsin Data Privacy Act, which could fine companies up to $20 million or assesses a portion of their annual revenue ' if they don't abide by the existing data privacy rules. Depending on the severity of the offender, the Wisconsin attorney general could bring legal action, according to the proposal. Penalties call on entities to be fined up to $10 million or 2% of annual revenue ' whichever is higher. Those penalties could be doubled for personal data violations.
For more info: https://wqow.com/2020/01/29/area-lawmaker-proposes-wisconsin-data-privacy-act/
The United Nations has fallen victim to a majorhacking attack that compromised its Europe-based IT systems, and the officialsof the organization chose to keep it a secret. The attack was detected inAugust 2019 by the UN's Geneva IT team, who figured that the break-in hadhappened a month earlier. Upon further investigation, the UN employeesdiscovered that the compromise spread over to 40 of their servers in Geneva andVienna, holding important data of its human resources department, as well asthe human rights office. The records that have been accessed by theinfiltrators include the commercial contracts of the organization, theirpasswords, and various business documents.
For more info: https://apnews.com/0d958e15d7f5081dd612f07482f48b73
ABritish community housing charity was conned out of more than $1m in a domainspoofing scam. The charity described how criminals not only spoofed the domainof a genuine contractor but also sent emails to Red Kite that appeared to befrom contacts who had already won the charity's trustees. The con was carriedout in late August 2019 and is still under investigation by the police. As aresult of the incident, Red Kite's governance rating has been downgraded by theRegulator of Social Housing (RSH).
For more info: https://www.infosecurity-magazine.com/news/red-kite-spoofing-scam/
A data breach atIndian airline SpiceJet has exposed the personal information of over amillion passengers. Data exposed in the breach included passengers' names,phone numbers, email addresses, and dates of birth. Among the passengers whosedata was exposed were several state officials. While SpiceJet has now takensteps to secure the exposed database, the airline has declined to confirmCERT-In's findings.
For more info: https://www.infosecurity-magazine.com/news/breach-at-indian-airline-affects/
The Italian data protection authority, the Garante,has fined Tim Spa 27.8 million euros for alleged violations of the EU GeneralData Protection Regulation. The DPA received complaints that the company mademillions of promotional phone calls without the consent of the customers. Thecomplainants either had their numbers on the Public Register do-not-call listor previously opted out of receiving phone calls from the company.
Formore info: https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/9256409
The European Data Protection Board announced Cyprus' Office of theCommissioner for Personal Data Protection fined three companies a combined82,000 euros for various EU General Data Protection Regulation violations. Theinvestigation found each company to be violating GDPR and hence resulting infines of 70,000 euros to LGS Handling, 10,000 euros to Louis Travel, and 2,000euros to Louis Aviation.
Formore info: https://edpb.europa.eu/news/national-news/2020/cypriot-supervisory-authority-banned-processing-automated-tool-used-scoring_en
The Danish data protection authority, Datatilsynet,found the Labour Market Holiday Fund violated the EU General Data ProtectionRegulation. As part of an investigation involving holiday pay, the DPA foundthe fund did not disclose certain information promptly, nor did it provide thedata in a transparent, easily accessible format.
We take privacy seriously. While we promise not to sell your personal data, we may send product and company updates periodically. You can opt-out or make changes to our communication updates at any time.