Privacy Enforcement
ICO fines Ministry of Defence for a 2021 breach related to Afghanistan evacuations
The UK Information Commissioner’s Office has announced a fine of GBP 350,000 against the Ministry of Defence for a data breach related to evacuees from Afghanistan in 2021. The ICO alleged that 265 individuals had their emails compromised when the MOD sent a collective email to Afghan nationals eligible for evacuation. The ICO emphasized that the disclosed data, if obtained by the Taliban, could have posed a threat to life.
Lawsuits against Fred Hutchinson Cancer Center mount after recent data breach
Over the Thanksgiving weekend, Fred Hutchinson Cancer Center faced a cyberattack and subsequent data breach, resulting in the filing of more than seven lawsuits. Unauthorized individuals infiltrated the center’s network, extracting files containing patient names, contact details, medical information, and Social Security numbers.
Data Breach
Data breach at Mr. Cooper, a mortgage giant, impacts 14.7 million individuals
Mr. Cooper, a mortgage giant, has started notifying customers that on October 31 attackers accessed and extracted files containing customers' personal information. Based on the investigation, roughly 14.7 million homeowners are affected by this incident.
Michigan health system reports second data breach, affecting more than 1M patients
Michigan state officials reported that a health system in the state encountered its second cybersecurity breach this year, impacting over 1 million patients. Michigan Attorney General Dana Nessel disclosed that the breach occurred at HealthEC, a vendor offering services to Corewell Health’s properties in southeast Michigan, leading to the exposure of personal and medical information of affected patients.
Privacy in Spotlight
ICO releases deficiency letters for cookie compliance to leading websites
The U.K. Information Commissioner’s Office has made public a letter dispatched in November to the U.K.’s top 100 most-visited websites. The communication notified certain websites that their cookie banners might not align with the U.K. General Data Protection Regulation and the Privacy and Electronic Communications Regulations. The letter provided specific details on how companies could rectify these non-compliance issues, with the ICO emphasizing that the release of these letters is intended to assist other websites in achieving compliance.
Regulations
FTC proposes COPPA updates
The U.S. Federal Trade Commission has put forth a proposal to revise the Children’s Online Privacy Protection Act. These proposed updates include mandatory opt-ins for targeted advertising, increased data retention limits, heightened data security requirements, and various other modifications.
HHS finalizes Rule with requirements for AI in Health IT interoperability and information blocking
The HTI-1 Final Rule finalizes significant changes to the ONC Health Information Technology Certification Program and the Information Blocking Rule applicable to health care providers, developers of certified health information technology, and health information exchanges and networks.
Indian government to release draft DPDP rules in January
The Indian government is prepared to finalize the draft regulations for the Digital Personal Data Protection Act in January 2024. This draft was presented during a confidential meeting with technology industry stakeholders on December 20. The government has provided a week for stakeholders to provide feedback before the rules are officially notified in January. However, certain U.S.-based companies are advocating for an extension of the consultation period.