jm + ico   6

Credit reference agency Equifax fined for security breach
The ICO fines Equifax £500K, the maximum amount possible under the old Data Protection Act (via Privacy Kit)
via:privacy-kit  ico  equifax  privacy  data-protection  uk  penalties  law 
11 weeks ago by jm
Thousands of websites hijacked by hidden crypto-mining code after Browsealoud hacked
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.
browsealoud  accessibility  http  sri  coinhive  monero  hacks  ico  nhs 
february 2018 by jm
UK's ICO spam regulator even more toothless now
We appealed this decision, but on June 2014 the Upper Tribunal agreed with the First-tier Tribunal, cancelling our monetary penalty notice against Niebel and McNeish, and largely rendering our power to issue fines for breaches of PECR involving spam texts redundant.


This is pretty terrible. The UK appears to have the weakest anti-spam regime in Europe due to the lack of powers given to ICO.
ico  anti-spam  uk  law  regulation  spam  sms 
september 2014 by jm
Health privacy: formal complaint to ICO
'Light Blue Touchpaper' notes:
Three NGOs have lodged a formal complaint to the Information Commissioner about the fact that PA Consulting uploaded over a decade of UK hospital records to a US-based cloud service. This appears to have involved serious breaches of the UK Data Protection Act 1998 and of multiple NHS regulations about the security of personal health information.


Let's see if ICO can ever do anything useful.... not holding my breath
ico  privacy  data-protection  dpa  nhs  health  data  ross-anderson 
march 2014 by jm
Ucas sells access to student data for phone and drinks firms' marketing | Technology | The Guardian
The UK government's failure to deal with spam law in a consumer-friendly way escalates further:

UCAS, the university admissions service, is operating as a mass-mailer of direct marketing on behalf of Vodafone, O2, Microsoft, Red Bull and others, without even a way to later opt out from that spam without missing important admissions-related mail as a side effect.

'Teenagers using Ucas Progress must explicitly opt in to mailings from the organisation and advertisers, though the organisation's privacy statement says: "We do encourage you to tick the box as it helps us to help you."'

Their website also carries advertising, and the details of parents are sold on to advertisers as well.

Needless to say, the toothless ICO say they 'did not appear to breach marketing rules under the privacy and electronic communications regulations', as usual. Typical ICO fail.
ucas  advertising  privacy  data-protection  opt-in  opt-out  spam  direct-marketing  vodafone  o2  microsoft  red-bull  uk  universities  grim-meathook-future  ico 
march 2014 by jm
ICO’s Tame Investigation Of Google Street View Data Slurping
“People will yet again be asking whether Google has been let off without the kind of full and rigorous investigation that you would expect after this kind of incident,” Nick Pickles, director of the Big Brother Watch, told TechWeekEurope. “Let’s not forget that information was collected without permission from thousands of people’s Wi-Fi networks, in a way that if an individual had done so they would have almost certainly have been prosecuted. It seems strange that ICO [the UK's Data Protection regulatory agency] did not want to inspect the [datacenter] cages housing the data, while it is also troubling that Google’s assurances were taken at face value, despite this not being the first incident where consumers have seen their privacy violated by the company.”
privacy  google  ico  regulation  data-protection  snooping  wifi  sniffing  network-traffic  street-view 
july 2013 by jm
