Yan Luo and Zhijing Yu of Covington & Burling write: On July 2, 2020, the Standing Committee of the National People’s Congress of China (“NPC”) released the draft Data Security Law (“Draft Law”) for public comment. The release of the Draft Law marks a step forward in establishing a regulatory framework for the protection of broadly defined…
Category: Non-U.S.
UK: Second NHS data leak to be fully investigated
The Orcadian reports: Another data breach at NHS Orkney has led to a confidential health board file being inadvertently sent to a member of the local press, in what has been described by the health authority’s new interim chief executive as a “regrettable” error. Michael Dickson, who is set to arrive in Orkney today, Friday,…
Serious data privacy breach at DU admit card 2020 download portal, students’ personal details available
Roshni Chakrabarty reports: Early on Thursday, two Twitter users pointed out the serious data privacy breach problems arising in the DU admit card 2020 download portal, which is part of the official Delhi University website. Anyone with the ‘gateway password’ can download the admit cards of all students in any Delhi University college. Read more…
AU: Hacked: Thousands of MyGov accounts for sale on dark web
Ronald Mizen reports: Logins for more than 3600 MyGov accounts are for sale on the dark web, potentially exposing thousands of Australians to fraud and identity theft. The MyGov accounts are among a list of more than 150,000 hacked “.com.au” logins available for sale on dark web marketplaces, where logins are sold for as little…
Misconfigured firewall resulted in LogBox data exposure and conflicting claims
Earlier this week, Jake Bright of TechCrunch reported that security researcher Anurag Sen had found an exposed database belonging to LogBox, a South African medical data app that allows patients to share information with their doctors more easily. According to TechCrunch’s report, the researcher had found an exposed database containing account access tokens for “thousands…
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach
Hunton Andrews Kurth writes: The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. The sanction was imposed following a data breach that took…