India is one of the world’s largest data-generating countries and is on the cusp of enacting a new Data Protection Law. PrivSec Report examines what it could all mean.  India is not just any player in the global data market. With its 1.36 billion residents and its recent record of rapid growth, facilitated by cross-border data flows that enable start-ups in the Global South to access foreign markets, what India does when it comes to data protection really matters. The country is on the verge of enacting its first all-encompassing cross-sectoral data protection law, the Personal Data Prot ..read more

Following the ICO’s record fine for British Airways under the GDPR, Julian Hayes and Guevara Leacock, consider the potentially very expensive group claim civil action now being prepared.   The dust has not yet settled on the Information Commissioner’s fine imposed on British Airways (BA) in October 2020, but the company now faces the largest group claim over a data breach in the UK’s history. A similar claim has been brought against TalkTalk following a 2014/15 cyber-attack on the telecoms giant, though in that case far fewer people were affected. With not only hefty regulatory fines and ..read more

The Privacy Protection Authority (PPA) in Israel has determined Likud and Yisrael Beiteinu and tech company Elector Software broke privacy regulations in a data breach affecting about 6.5m voters. During an election campaign in February 2020 what the authority termed a serious information security incident occurred with data appearing online. Details which leaked included voters’ phone numbers, email addresses, physical addresses, place of voting, if they were supportive or not of a party, and the medical condition of those interested in transportation to the polling station. Once notified of ..read more

Plan to scrap Mexico data protection body blow to human rights, say campaigners Proposals by Mexican President Andres Manuel Lopez Obrador to eliminate the National Institute for Transparency and Access to Information and Data Protection (INAI) would be a major setback for human rights in the country, according to Human Rights Watch (HRW). “The INAI has played a crucial role in protecting privacy and ensuring the public can access information about government corruption and human rights violations,” said Jose Miguel Vivanco, the campaign group’s Americas director. “Shuttering this independent ..read more

The Information Commissioner and Privacy Commissioner in Australia, Angelene Falk, has found the Department of Home Affairs interfered with the privacy of 9,251 asylum seekers by mistakenly releasing their personal information. The case arose from the department, formerly the Department of Immigration and Border Protection, publishing a detention report on its website in error seven years ago. The document contained embedded personal information which could identify everyone in immigration detention on 31 January 2014. Falk’s finding follows a class action by 1,297 of the affected detainees ..read more

Marketing company Epsilon Data Management has agreed a $150m settlement with the United States’ Department of Justice (DoJ) to resolve a criminal charge for selling data on more than 30 million Americans to perpetrators of fraud schemes who were targeting older people. The deferred prosecution agreement (DPA) includes Epsilon selecting and covering the costs of an independent claims administrator to distribute $127.5m compensation to victims with established losses caused by fraud schemes which used the company’s data. “Epsilon also agreed to implement significant compliance measures designed ..read more

Traditional data protection is sinking under the perfect storm of constant data change, accelerating data speed, and surging data volume—and the customer backlash is rising. Seven out of ten global consumers are prepared to boycott companies they believe don’t take data protection seriously. More than 20 percent of US consumers say they’ll never return to a brand that has suffered a data breach. That’s more than a compliance issue. It’s a business crisis. Download your copy of “Intelligent Data Privacy” to learn how to implement a continuous, holistic process of data privacy that adapts to sh ..read more

The Australian Securities and Investments Commission (ASIC) says a server it was using to handle recent credit licence applications was breached by a hacker. “While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” the securities regulator said in a statement issued on 25 January. “At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.” The cyber security incident involved unauthorised access to software the ASIC uses to tr ..read more

The Council of Europe has published “guidelines” to avoid what it terms significant risks to privacy and data protection posed by the increasing use of facial recognition technology. The human rights organisation suggests prohibiting its use solely to determine a person’s skin colour, religious or other belief, gender, racial or ethnic origin, age, health or social status. A ban should also be applied to ‘affect recognition’ technologies, which can identify emotions and be used to detect personality traits, inner feelings, mental health condition or workers’ level of engagement, because they ..read more

Social network provider Facebook will open up targeting information for more than 1.3m social issue, electoral and political ads to researchers from 1 February. Privacy will be protected, says product manager Sarah Clark Schiff. It is acting after feedback, particularly from academics, that understanding how advertisers choose to target audiences is key to learning more about the influence of digital ads on elections and other specific events. The company has created the Facebook Open Research and Transparency (FORT) platform to enable researchers to study the impact of Facebook’s products on ..read more