Weekly Newsletter: 5 July – 9 July 2021
GDPR EU Representative

July 12, 2021

Hackers demand $70 million to end biggest ransomware attack on record

[#Ransomwareattacks ##Russia #Cybersecurity] 
“An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. […]

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector, though few large companies, the cybersecurity firm Sophos reported.”

To read more: Click here

UK data watchdog to probe use of private emails by health ministers

[#Privacy #DataProtection #ICO #UK]

“LONDON — The U.K.’s data watchdog said Tuesday she had launched a formal investigation into allegations health ministers used private email addresses to conduct government business.

Elizabeth Denham, the U.K.’s information commissioner, said in a blog post that reports of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business were “concerning.” […]

Denham acknowledged that the use of private correspondence channels did not in itself break freedom of information or data protection rules, but said she was concerned information in private email accounts or messaging services was “forgotten, overlooked, autodeleted or otherwise not available when a freedom of information request is later made.””

To read more : Click here 

How to Manage Your Google Privacy Settings

[#Privacy #Google #Security] 
“My Account is meant to be a one-stop spot to take control of your privacy and security when it comes to this monolithic company. Rather than visiting settings for every individual Google service—Gmail, Google Drive, Android phones, the Chrome browser(s), YouTube, and a hundred others—you change global settings here. Mostly. If you want the scary version of what Google collects on you, read this old Guardian article, which spells out that Google knows where you’ve been, what you’ve searched, all your apps and extensions, your YouTube history, and more. […]

On My Account, do two things right away: a Security Checkup and a Privacy Checkup. […] On the My Account page, the URL will be a little different for each Google account you have. It’ll end with /u/0 for the default account, /u/1 for the second, and so forth. Do a security check for each account.

Find the Security Checkup at https://lnkd.in/dJgityc (or click Take action in the Critical Security issues found box). It will take you through a number of cards to check items”

To read more: Click here

‘The dead don’t have GDPR rights’: Woman considers legal action after department denies info request

[#GDPR #Children #PersonalData] 
“THE DEPARTMENT OF Children is failing to apply General Data Protection Regulation (GDPR) correctly as Mother and Baby Home survivors attempt to access personal information, a data compliance expert has said. In one instance, the Department of Children, Equality, Disability, Integration and Youth (DCEDIY) refused to share information with a woman because it relates to a person who is deceased. […]

Speaking to The Journal, McGarr said: “It’s simply not accurate in law to say that if data relates to a person who has died that somehow takes it out of the scope of the GDPR because GDPR rights don’t attach to data, they attach to people.“”

To read more: Click here

Italian Data Protection Authority (Garante) – Health Care 

[#GDPRfines #GarantePrivacy #PersonalData #Dentist] 
“The Italian DPA (Garante) has fined a dentist EUR 20,000. A data subject filed a complaint with the DPA against the dentist for refusing to treat him after the data subject had indicated he had HIV in his medical history form.

In the dentist’s clinic, it was common practice for patients to fill out a medical history form before medical treatment, which contained questions about previous, existing or suspected infectious diseases (e.g. tuberculosis, hepatitis, HIV).

The DPA considered this to be a violation of the principles of legality. It stated that it was legitimate to ask for such information in order to better plan medical treatment. However, it was not permissible to collect such information and then refuse treatment to the patient.”

To read more: Click here