United Kingdom
Email communications guidance published by the ICO
- The ICO has warned organisations to refrain from using blind carbon copy function when sending emails that contain sensitive personal data.
- The guidance also comes with advice for organisations when sending bulk emails.
- Mihaela Jembei, ICO Director of Regulatory Cyber, said: “Failure to use BCC correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved”.
- Find the guidance here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/email-and-security/.
United States
Amazon and Starbucks seek to dismiss lawsuit over biometric payment system
- The lawsuit claims that Amazon’s “Just Walk Out” cashless checkout – which facilitates cashless check out at Amazon Go and two New York City Starbucks that share space with Amazon Go stores, is in violation of New York City Law.
- The plaintiffs claim that the biometric data collected by the technology does not adhere to the city ordinance requiring a clear and conspicuous notice of such to be visible for all.
- Amazon on the other hand argues its customers consent to the use of the technology.
- Car insurer GEICO has been accused of disclosing data found on driver’s licenses to identity thieves.
- The lawsuit centres around the claim that the company auto-populated the numbers from driver’s licenses into its database when its users provided their basic information so as to obtain insurance quotes.
- After a data breach, this data then went on to be used for fraudulent unemployment benefit applications under the victim’s names.
Europe
Ireland’s Data Protection Commission warns parents about back-to-school photos
- The Irish DPC is warning parents about potential unintended oversharing of children’s personal data.
- This is due to the start of ‘back-to-school’ photos that many parents tend to post online this time of year.
- The Commission recommends parents be careful when sharing details about their children’s schools, and their location, when uploading these sorts of posts.
International
Canada’s largest railway company accused of monitoring employees
- Employees at Canadian National have alleged that the company used work-issued tablets to track train operators off the clock.
- The geolocation that was allegedly collected by the company was processed without the consent of the employees.
- The tracking was only discovered by accident, through a disclosure process where the company was obligated to disclose why they were disciplining a worker.
High Court of Kenya orders Worldcoin to halt processing in the country
- Worldcoin, the crypto currency exchange, has been ordered to temporarily halt its processing of biometric data in Kenya.
- This is to have effect until an investigation by the Office of the Data Protection Commissioner of the country is resolved.
- The High Court also ordered Worldcoin to destroy all data in its possession under the supervision of the Office of the Data Protection Commissioner and has revoked their license as a data controller.
India’s interception monitoring systems create a “backdoor” for government surveillance
- Telecom companies are obliged to install the hardware in subsea cable landing stations and data centres, and the software searches, copies and provides personal data to Indian security agencies.
- According to the government, all requests for monitoring have to be approved by the Home Secretary of India.
- Critics claim this approval process is simply a procedural safeguard, and does little to prevent targeted snooping, bypassing privacy protections.
