September 6, 2022
The Irish Data Protection Commission has reportedly fined Instagram 405 million euros for misusing personal information. The mishandling involves publiclly displaying their phone numbers and emails addresses and permitting them to create business accounts.
This represents the second biggest fine by an EU regulator.
The story is covered by the Australian which provides:
Social media platform Instagram has been slapped with a record 405 million euro ($592m) fine by Ireland’s data privacy regulator for mishandling children’s data, publicly displaying their phone number and email addresses.
A 2020 investigation by Ireland’s Data Protection Commission found that children between the ages of 13 and 17 were allowed to create and operate business accounts on the Instagram platform, which published the children’s phone numbers and in some cases email addresses. Read the rest of this entry »
Posted in Privacy
|
Post a comment »
September 4, 2022
The repetition of tens of millions of records being breached each month can have a numbing effect and can lead the reader to be either blase or resigned (they are different) to each installment. It can lead to the wrong attitude that data breaches are inevitable. That old saw is relied on by organisations who don’t like regulation or being made to pay more attention to data security.
It governance has compiled its list of data breaches for August and calculated that 97, 456,345 records were breached in 112 publicly disclosed incidents. The reference to public disclosure is important. There is significant under reporting. Later disclosures by affected organisations and breaches being discovered by third parties (including hackers) provide ample evidence that some organisations try to avoid disclosing breaches when they think they can get away with it. Further, in many cases while the data breach can be established organisations are reluctant to provide information of how many records have been accessed. That makes getting a complete figure a difficult proposition.
For August some of the data breaches:
Read the rest of this entry »
Posted in General, Privacy
|
Post a comment »
It is trite to say that technology has faced outpaced the common law and statute when it comes to regulating surveillance practices. In Australia the Privacy Act 1988 has inadequate coverage with exemptions for journalists and political parties. The Australian Privacy Principles contain exemptions which limit their effectiveness. And finally the regulator is timid. The surveillance devices legislation while technically neutral is drafted for an analog world. Neither legislation nor legislators have considered the impact of persistent surveillance where devices could track individuals throughout the day with the assistance of Artificial Intelligence. It is not a dystopian future. It is real and, again, described in the Wall Street Journal’s article The Two Faces of China’s Surveillance State where the capacity of the State to monitor its citizens is significant which it seeks to use to crush dissent and potential dissent and offer a better future that such overweening controls brings. The first is a human rights abuse as the Office of the High Commissioner on Human Rights report makes clear in OHCHR Assessment of human rights concerns in the Xinjiang Uyghur Autonomous Region, People’s Republic of China while the latter is a Faustian bargain.
Meanwhile in Australia ASIC has found that there is “room for improvement” by life insurers in their use of surveillance. In its review of 4,800 individual disability income insurance claims it found that where physical surveillance was used in mental health claims in half of those instances it was unwarranted. The total sample size was small, a total of 10 instances, but for half to be unwarranted is a concern. Similarly it found that the user of surveillance was unwarranted in 17.5% of cases because the insurer could have at least Read the rest of this entry »
Posted in Privacy
|
Post a comment »