News Bites for Friday June 29, 2018
The Supremes Say Warrant Required For Cell Data
In a 5-4 decision last week, the Supremes said that the police should have gotten a search warrant before they asked for months' worth of location data on a suspect. The suspect in a robbery case was tracked by the police – over 12,000 locations, over 127 days – to correlate robbery locations to the suspect’s location. Chief Justice John Roberts wrote the opinion, basically saying that this is a search within the bounds of the 4th Amendment. This is good news for privacy advocates, saying that the power of the government is not unbounded. Source: CNet.
GDPR: One Month In
Not surprisingly, one month in and we have already seen the results of GDPR.
The UK Information Commissioner’s office says they have seen a sharp rise in both complaints and notifications. In France, they have seen a 50% rise in complaints compared to last year.
Austria says that they have received 128 complaints and 500 questions, along with 59 breach notifications. Compare that 59 number to the entire eight months prior to the law going into effect – effectively an 8x increase.
Still, numbers in the hundreds and not in the millions mean that people are not going crazy. What we don’t have data on, yet, is how many people requested copies of their information or requested that their information be deleted. Source: WARC
Exactis Exposes More Than 340 Million Records
And the record for most breached records goes to Exactis. Well, no, actually that record will hopefully always stay with Yahoo, but still, 340 million records (230 million consumers and 110 million businesses) is not a drop in the bucket.
Exactis is one of those data aggregation firms that know everything from your name and address to how many kids you have and your income, among literally thousands of data points.
Now it appears that data was exposed because of a lack of controls placed on an Amazon Elasticsearch setup.
Given new privacy laws in place and coming into effect, this type of breach MAY need to be disclosed. So far, the company is being quiet about it. Older privacy laws did not consider things like your kids’ names, ages and genders private. Newer ones are starting to, hence the requirement for disclosure, possibly. Source: Wired
8 States Settle With Equifax Over Breach
8 states – Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas – have come to an agreement with Equifax on security practices. This is only one of MANY legal actions that Equifax will have to deal with.
The requirements are pretty mild and Equifax is likely doing most of these as a response to the breach: conduct annual security audits, develop written data protection policies and guides, monitor its outside vendors, and improve patch management. It is actually surprising that a company of their size was not already doing all of these items and more.
The agreement does allow these states to take legal action if Equifax does not implement these controls. Source: The New York Times