Hello Friends,
Personal information of millions of Brazilians was found publicly accessible due to a massive data leak. Possibility states entire population of Brazil may possibly be affected by this data leak.
Enjoy reading!
Privacy Enforcement
Compliant against Meta paid versions of Facebook and Instagram stating a ‘Pay for Privacy’ campaign of Meta
Previous year, Meta introduced paid versions of Facebook and Instagram in Europe offering an ad-free experience. While the free version remains accessible, users opting to continue using it must consent to relinquish their privacy rights. A collective of privacy enthusiasts in Austria has lodged a complaint against Meta stating that the move comes as a ‘payment for privacy.
Meta offers Canadians of 4 provinces CAD 51M to settle privacy lawsuits
Meta proposed a settlement of CAD 51 million to resolve privacy claims related to the purported nonconsensual utilization of Canadians' personal information for advertising. The legal action alleges that Meta gathered and employed names and email addresses in its "Sponsored Stories" ad campaign, which spanned from 2011 to 2014.
Data Breach
Personal information millions of Brazilians was found publicly accessible
Research by Cybernews revealed that a cloud server provided unrestricted access to a huge volume of private data associated with Brazilian individuals, as reported by Security Affairs. The exposed data encompassed over 223 million records containing personally identifiable information of citizens, along with their taxpayer identification numbers.
Hong Kong's Social Welfare Department accidentally leaks applicants' names
The Social Welfare Department in Hong Kong accidentally exposed the English names of 1,300 individuals who had applied for the special care subsidy scheme for persons with severe disabilities. This data breach resulted from an employee error, and those affected have been duly notified and the Social Welfare Department has apologized for the incident.
HealthEC data breach has affects 4.5 million patients
Nearly 4.5 million individuals have been affected by a data breach at HealthEC LLC, a health tech company based in New Jersey. The breach involved unauthorized access by cyber attackers to highly sensitive medical information. Furthermore, 17 healthcare organizations in the United States, which are either partners or customers of HealthEC, were also impacted by this security incident.
Privacy in Spotlight
Microsoft offers storing personal data of cloud customers in EU
Microsoft offers its EU customers to store personal data in EU, as a [part of their recent roll out plan. In adherence to privacy legislation, technology companies have been introducing data storage and processing features in the EU. This initiative helps comply with EU data storage requirements for businesses operating across multiple countries.
European Commission calls for feedback on GDPR’s performance
The European Commission has invited comments on the performance of the EU General Data Protection Regulation (GDPR) since its implementation six years ago. The feedback received will contribute to a formal report that builds upon the Commission's review of the law in 2020. Stakeholders and interested parties have until February 8th to submit their comments.
Regulations
FTC releases guidance on privacy of DNA data
Companies selling genetic products of DNA data have the advantage of learning more about health, lineage, and family tree – so that consumers can seek medical attention, customize their diet or exercise regimen, find long-lost relatives, or understand more about their background. FTC in the last year has charged the sellers of genetic products with subpar data security practices. FTC has recently released guidance for businesses to comply with the Biometric policy.
New Jersey passes privacy bill, on the last day of Legislature
On the final day of the 2023 legislative session, the New Jersey Legislature gave its final approval to Senate Bill 332, a comprehensive privacy bill. The bill underwent amendments to establish its comprehensive framework in December 2023 and secured same-day approval on 8th January.
An insight into FTC's new Health breach rulemaking update
A recent analysis from Lawfare provides an overview of the U.S. Federal Trade Commission's intentions to revise the Health Breach Notification Rule. This proposed rule aims to regulate the procedures for vendors of "personal health records" and entities not subject to the Health Insurance Portability and Accountability Act (HIPAA) in managing health data breaches.