ABC's of Privacy This Week - March 26, 2020

Applause

• OAIC advises employersto meet privacy obligations amid COVID-19 epidemic

Accordingto ZDNet, the Office of the Australian Information Commissioner has advisedemployers to handle personal information per the Privacy Act of 1988, even in apandemic.  The OAIC advised that thecollection, use, and disclosure of personal details should be limited tonecessary information for preventing or managing COVID-19.

For more info: https://www.zdnet.com/article/australian-privacy-commissioner-offers-advice-on-staff-privacy-amid-covid-19/

• OPC issues COVID-19guidance

TheOffice of the Privacy Commissioner of Canada has recently issued guidance fororganizations to understand their responsibilities towards privacy lawmaintenance during the COVID-19 pandemic. The guidance gives a clearunderstanding of the obligations surrounding both the Privacy Act and thePersonal Information Protection and Electronic Documents Act.

For more info: https://priv.gc.ca/en/opc-news/news-and-announcements/2020/an_200320/

Data Breaches

• Open cloud serverexposes 200M user records

According to CyberNews, researchers have recently identified an unsecuredGoogle Cloud database containing personal data of more than 200 millionAmerican citizens. The owner of the server is an unidentified party, and itcontained full names, contact information, and even sensitive financialdetails. While the data was exposed for an unknown amount of time, it wasdeleted by an unknown party on March 3rd, 2020.

For more info: https://cybernews.com/security/report-unidentified-database-exposes-200-million-americans/

• Elastic research breach exposes 5B records

SC Media reports, an unsecured Keepnet Labs database has exposed more than5 billion records with information about security incidents over the past sevenyears. The privacy gap was discovered by security researcher Bob Diachenko andcontained passwords, email addresses, and other prominent data leaks.

For more info: https://www.scmagazine.com/home/security-news/database-security/five-billion-records-exposed-in-open-data-breach-database/

• RogersCommunications announces customer info exposed in breach

According to Bleeping Computer reports, Rogers Communications hasannounced that customers' personal information was exposed via an unprotecteddatabase. The data contained personal details like email addresses, names,telephone numbers, and account numbers. Credit card information, bank andaccount details were not exposed through the breach, according to Rogers.

For more info: https://www.bleepingcomputer.com/news/security/rogers-data-breach-exposed-customer-info-in-unsecured-database/

• Breacheshit online guitar service, college

According to Infosecurity Magazine, unauthorized access of TrueFire'scomputer system exposed confidential user payment information for 6 months.People who made purchases between 3rd August 2019 and 14th January 2020 hadtheir account numbers, card number, security code, and card expiration dateexposed.

For more info: https://www.infosecurity-magazine.com/news/guitar-tuition-website-suffers/

Current News

• European Commissionputs emphasis on encryption

According to Euractiv, the European Commission is enhancing securityefforts by adopting end-to-end encryption app Signal for Communications whichwill be used "outside of critical or sensitive exchanges." For more info:https://www.euractiv.com/section/digital/news/the-story-behind-the-commissions-new-emphasis-on-encryption/