For many of us, the new school year marks the end of summer. Back to routines and brand new notebooks and pencils. For privacy professionals, the end of summer is still business as usual since privacy incidents and data breaches don’t take a summer vacation. The work of safeguarding privacy is never really complete.
Here are a few trends in the world of privacy that haven’t taken a summer break:
- Cookies and Tracking systems: France’s data protection authority, CNIL, released new rules regarding how companies obtain valid consumer consent.
- S.H.I.E.L.D.ing your data: The Governor of New York expanded the definition of personal information, increasing the scope of data that needs to be protected.
- Singapore transfer certification: Singapore companies can now apply for certification to transfer data across the Asia-Pacific Region.
Efforts are being made from the local to the international level to ensure that those entrusted with protecting our data are coming up with the most viable solutions to today’s privacy challenges and taking proactive measures. Adding to the existing complexity and risk is the fact that different types of data, such as biometric data, are being added to the definition of “personal information” in many jurisdictions. Despite this never-ending work to improve our privacy protection measures, incidents will continue to occur.
For example, a security tool known as "Biostar 2", which holds biometric data for thousands of companies around the world, had data accessed by researchers working with security firm VPNMentor. A company spokesperson from Suprema (Biostar 2’s parent company) stated that “if there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.” Nearly 30 million records were disclosed, comprising fingerprints, photos, facial recognition data, and other identifiable information.
Another topic we’ve been mulling over at RADAR has been the growing threat of nation-state attacks. A recent ransomware attack affected over 20 different local Texas governments last week. The attack took down computers, impacting credit card payments, and access to vital records such as birth and death certificates. Other cities, including Baltimore, Atlanta, Newark, and several cities in Florida, have similarly been affected by ransomware attacks. According to a survey conducted by cyber-security firm Coveware, only about three percent of ransomware attacks target Public Sector Organizations; however, their costs are not as slight. Public Sector Organizations pay almost 10x the global enterprise average in ransom according to the same study.
It is vital as businesses and as consumers that we understand that it’s not a matter of “if” a breach is going to happen, but “when”. While more and more companies are adopting new practices and programs, it’s imperative that we are aware of what to do when that breach does occur.