Hello Friends,
India’s Personal Data Protection Bill is a few months away says the MeitY minister.
The Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said “If we have to make a choice between doing something quickly versus doing something right, with a few months delay, we will choose the latter. No one should feel that we are not committed to that PDP Bill”
This news and more, in this fortnights' Data Privacy Insights- curated privacy news from across the globe.
Enjoy reading!
Privacy Enforcement
Cyberspace Administration of China Issues Fine of $ 1.2 Billion to Ride-Hailing Company Didi
Cyberspace Administration of China issued a $ 1.2 Billion penalty to the ride-hailing company, Didi, for violating the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. Specific violations were revealed in the question-and-answer session the CAC did with the media.
Danish DPA Imposes €500K Fine on a Law Firm Named SIRIUS over Data Security Issues
Denmark’s data protection authority, Datatilsynet, imposes a €500K fine against a Danish law firm SIRIUS for insufficient data security measures. The fine stems from a March 2020 data breach where hackers gained access to and encrypted the law firm's servers. An investigation found that SIRIUS was in the process of implementing a multifactor authentication to its servers when the hackers carried out the breach.
Data Breach
Choice Health Insurance Suffers Data Breach Due to Vendor Error
Choice Health Insurance confirmed a data breach after the company discovered that an unauthorized party was offering data obtained from the Choice Health systems for sale on a popular hackers’ website. The data contains full names, Social Security numbers, Medicare information, and health insurance information of certain individuals being compromised. The breach stemmed from a “technical security configuration issue” at a third-party service provider.
Bandai Namco, a Game Publisher Confirms a Suspected Blackcoat Ransomware Attack
Bandai Namco reported a suspected Blackcoat ransomware attack, possibly leaking customer data. The hackers breached Bandai Namco’s internal systems in Asia, excluding Japan. The company did not disclose the nature of information potentially stolen from its servers during the ransomware attack.
Regulations
India’s Personal Data Protection Bill ‘a Few Months’ away
The Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar indicated the proposed Data Protection Bill will not be tabled during the Indian Parliament's upcoming Monsoon Session. “This PDP Bill was not to do anything with privacy. It is for defining the dos and don’ts for companies that collect the data from individuals, how they collect it, how they store it, and how they process it. It is not a data privacy bill; it is a data protection bill. The lack of this bill or delay of this bill does not change your fundamental rights” he said.
NIST Releases Draft on Implementing the HIPPA Security Rule
The National Institute of Standards and Technology published a draft of Special Publication ('SP') 800-66r2 (Revision 2), titled 'Implementing the Health Insurance Portability and Accountability Act ('HIPAA') Security Rule: A Cybersecurity Resource Guide. The guidance will help "maintain the confidentiality, integrity, and availability" of electronically protected health information, or ePHI. NIST Cybersecurity Specialist Jeff Marron said the revisions are "more actionable" and aim to create "more of a resource guide" for health care entities.
ICO Updates Guidance for UK BCRs
The U.K. Information Commissioner's Office published updated guidance for using binding corporate rules as a data transfer mechanism. The updates are pitched toward a "simplified" approach for controllers and processors with the ICO noting it will "only request supporting documents and commitments once during the U.K. approval process." The regulator also called BCRs a "gold standard" transfer mechanism that "demonstrates your commitment to implementing appropriate safeguards."
American Data Privacy and Protection Act Moves to US House Floor
A new version of the American Data Privacy and Protection Act (ADDPA)after a number of amendments has taken shape. Rep. Anna Eshoo said "The ADPPA provides strong privacy protections, particularly in regards to civil rights and child safety. This amendment would not affect those rights and protections, it would simply let states strengthen them."