ABC's of Privacy This Week - May 27, 2020

Applause

• EU invests 49M euros for privacy, cybersecurity upgrades

According to recent reports, the European Commission has announced a 49 million euro commitment to nine projects focused on privacy and cybersecurity solutions for the bloc. The reports suggest that while five projects will relate to privacy and cybersecurity solutions for EU citizens and small- and medium-sized businesses, the remaining projects will improve security systems for different sectors, including health care and transportation.

For more info: https://ec.europa.eu/digital-single-market/en/news/eu-grants-nearly-eu49-million-boost-innovation-cybersecurity-and-privacy-systems

• Google announces Chrome privacy, security controls.

Google announced through a recent blog post that it is rolling out new tools and a redesign of Chrome's privacy and security desktop settings. 

Google stated that cookies would be easier to manage, sensitive web permissions will be better located, and users will be able to sync controls and more easily access a "clear browsing data" option. New safety check settings will also notify users if passwords have been compromised.

For more info: https://blog.google/products/chrome/more-intuitive-privacy-and-security-controls-chrome/

• French Council of State bans COVID-19 monitoring by drone.

According to Courthouse News Service, Council of State, Conseil d''tat, has recently ruled that authorities in Paris are prohibited from using drones to enforce COVID-19 stay-at-home orders. The court said in it's decision that the deployment of drones and video footage they capture may allow police to identify individuals being surveilled. 

Additionally, the court justices wrote, "There are risks they could be used contrary to personal data protection rules."

For more info: https://www.courthousenews.com/french-court-outlaws-drone-use-for-paris-virus-fight/

• Hogan Lovells publishes the COVID-19 privacy guide.

As part of its "Privacy 2040" initiative, Hogan Lovells has published a guide on balancing privacy and security with public health efforts as exit strategies are developed for the COVID-19 pandemic. The guide covers various topics, including legal bases for processing COVID-19 data, the role of data protection officers, and what needs to be done to ensure contact tracing apps are privacy compliant.

For more info: https://www.hoganlovells.com/~/media/hogan-lovells/pdf/2020-pdfs/2020_05_19_covid_exit_strategy_global_privacy_cybersecurity.pdf

Data Breach

• 9M EasyJet customers' details accessed in a cyber-attack

Reuters reports, emails, and travel details of about 9 million patrons of British airline EasyJet were accessed in a late-January cyber-attack.

Among other information, the credit card details of more than 2000 of those customers were compromised. According to EasyJet, it does not appear any personal information was misused.

For more info: https://uk.reuters.com/article/us-easyjet-cyber/chinese-hackers-suspected-of-stealing-details-of-9-million-easyjet-customers-idUKKBN22V1JF

• 40M users' records leaked online

Information of 40 million Wishbone app users have been leaked on a hacking forum and is being offered as a free download, according to ZDNet. The exposed data reportedly includes usernames, emails, phone numbers, and hashed passwords.

For more info: https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/

Current News

• Hackers attempt to access My Health Record system.

 iTnews reports, according to the Australian Digital Health Agency, hackers attempted to access the My Health Record system. It's the second potential data breach since July 2019. Still, ADHA National Health Chief Information Officer Ronan O'Connor said neither resulted in access to the system and "no information or personal sensitive information was accessed."

For more info: https://www.itnews.com.au/news/my-health-record-system-hit-by-hack-attempt-548282

• HHS relaxes privacy requirements for COVID-19 community testing sites

According to Nextgov, the U.S. Department of Health and Human Services is set on relaxing the Health Insurance Portability and Accountability Act privacy and security requirements for COVID-19 community-based testing sites to make it easier to collect patient data. 

Additionally, in a notice, the HHS Office for Civil Rights has said other health care providers still have to comply with HIPAA fully.

For more info: https://www.nextgov.com/analytics-data/2020/05/hhs-relaxes-data-security-and-privacy-enforcement-covid-19-test-sites/165471/