This week’s selected data privacy & security news stories …
The UK’s live broadcast of proceedings from the House of Lords failed to air on Wednesday after the mobile phone numbers of peers were read out on Tuesday when they entered or exited the session on Microsoft Teams — the app being used for virtual proceedings.
As a consequence, the House of Lords said its sitting on Wednesday was not broadcast live.
Today’s virtual sitting will not be broadcast live. This is due to technical and data compliance issues encountered during yesterday’s sitting. The House of Lords is working hard and at speed to resolve these issues in order to restore live broadcast for tomorrow.
— House of Lords (@UKHouseofLords) April 29, 2020
“This seems a bit of an overreaction”, commented one Lords source, according to the PA news agency.
Ministers were quizzed about several issues related to the Covid-19 pandemic, including rail services, tax and garden centres. Several parts of Lords business have been conducted virtually since peers returned from the Easter recess.
Sources & full story: Evening Press, PA Media
-
Students Kept in the Dark Following University Data Breach
Hackers accessed the University of Warwick’s administrative network last year in an attack which has been kept secret from the affected individuals and organisations.
According to Sky News, the security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in research studies.
Because cyber security protections at the university were so poor, as per the findings of an internal report revealed by Sky News earlier this month, it was impossible for the university to identify what data had been stolen.
Source & full story: Sky News
-
‘GDPR Could Collapse’ as Ireland Delays Big Fines
It’s been two years since the GDPR was enforced, and yet Ireland has not imposed a single fine for a data breach against an American tech giant. Meanwhile, German regulators are becoming impatient.
Thanks in part to a more relaxed tax regime, American tech giants such as Facebook and Google base their European headquarters in Ireland. An EU GDPR rule known as the “one-stop shop” mechanism means companies should normally face enforcement where they’re headquartered, rather than have multiple countries bring cases on the same issue.
Those two points mean that the Irish data protection commissioner (DPC) is the lead for Europe when it comes to investigating data breaches and doling out enforcements. But while there have been high-profile investigations, there have not yet been any rulings or financial punishments, though the Irish DPC’s annual report has promised rulings are imminent.
Source & full story: Wired
-
Understaffed Privacy Regulators Put GDPR At Risk
GDPR is at risk of failing almost two years after coming into effect because governments have failed to give data regulators the resources they need to properly enforce it.
According to a news report by IT Pro, only five of Europe’s 28 data protection authorities (DPAs) have more than ten specialists examining the tech industry, which means they don’t have the capacity to probe potential violations by the biggest companies.
Only a handful of experts are working to uncover GDPR infringements by tech giants, research by web browser maker Brave claims. Even when wrongdoing is clear, DPAs hesitate to use powers because they can’t afford the cost of legally defending their decisions.
Brave’s chief policy and industry relations officer Dr Johnny Ryan said:
“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities.”
Source & full story: ITPro
-
WordPress Security Flaws Hit Online Learning Platforms
Researchers have revealed worrying security flaws in three leading WordPress plugins – LearnPress, LearnDash and LifterLMS – deployed by top academic institutions and Fortune 500 companies for delivering remote learning sessions.
According to Check Point Research, these plugins, which help convert a website into a full-fledged online Learning Management System, can be hit by serious vulnerabilities like Remote Code Execution and SQL Injection that can be used to steal personal data, change account privileges, siphon off money and more.
These flaws were discovered during a two-week timeframe in March and were patched by the platforms once the researchers reported them.
Due to the coronavirus lockdown, most educational institutions have set up online classrooms to ensure studies are not impacted. While several organisations have opted for virtual classroom sessions via video-conferencing tools like Microsoft Teams or Zoom, many others use online learning platforms to conduct regular classes.
Source & full story: TechRadar