Each week, PrivSec:Report presents the top 5 headlines from the week’s news and upcoming events in the privacy and security industry. This week a document was leaked which suggested that Boris wants to collect Gov.uk user data and the ICO issues a pre-Brexit warning.
Almost 2,000 affected
A London gender identity clinic has exposed the personal details of almost 2,000 transgender patients. The Charing Cross Gender Identity Clinic sent patients an email about a competition whilst accidentally cc’ing hundreds of others. Subsequently, the email revealed hundreds of patient’s name and email addresses. Two separate emails had been sent, both cc’ing about 900 people each. The Tavistock and Portman NHS Foundation Trust, which run the clinic, are investigating the incident. A spokesperson for both said: “We can confirm we are reporting this breach to the Information Commissioner’s Office as well as treating it as a serious incident within the Trust.” Read the full story here.
Guess who’s back?
Yet again Facebook is in the news for privacy-related issues, this time a period-tracking app has automatically shared user data with the social network. Data is transferred whether the user has a Facebook account or not, and whether they are logged in or not. It was also identified that the apps would regularly send Facebook extremely sensitive and detailed intimate data. Menstruation apps don’t just collect information about users menstruation cycles, but as presented in research by Coding Rights, the apps also collect information about a user’s health, their sexual life, their mood and more. Read the full story here.
Boris plans to harvest data
Downing Street has ordered departments to collect and share “targeted and personalised information” on users that visit the GOV.UK portal. Officials claim that personal details are collected it’s only to improve the service. In the leaked memo, Johnson concluded: “I expect everyone to act immediately to execute the above actions.” To which nine days later the prime minister’s chief advisor, Dominic Cummings, emailed senior officials to stress that this would be a “top priority”. Read the full story here.
Businesses have been urged to “prepare for all scenarios” as the ICO publishes dedicated guidelines to maintain data flow when the UK leaves the EU. The guidelines are to help small and medium-sized organisations prepare for the possibility that the UK leaves the European Union with no deal. It provides the same advice that was previously published on how to maintain data flows but tailored to be more relevant and accessible to smaller organisations. Read the full story here.
It’s not over yet, British Airways
Lawyers have accused British Airways (BA) of “swerving responsibility” through their efforts to cap compensation sums issued to victims of the data breach suffered by the carrier. BA has since initiated a class action for those impacted by the breach, but the plan also holds a 17-week time limit in which claimants need to join to be eligible.Legal experts have called the time limit “unprecedented”, branding the action as a cynical attempt to hold on to as much as possible of a compensation pot that could be worth up to £3bn. Read the full story here.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/