Thousands of Tesco.com login details published online
Hackers listed over 2,000 usernames and passwords on a popular text-sharing website. The list is said to have been compiled from data stolen in other large data breaches, exploiting the fact that website users often rely on the same username and password combinations for different online accounts. A small number of customers had their loyalty points stolen by the hackers, but as additional security information was required to fully access accounts, most users did not lose points. All accounts affected have been deactivated as a precaution.
Rollout of care.data scheme delayed for second time
The government's project to create a national database of patient medical records has been delayed until autumn, amid concern from both the public and health professionals as to the scheme's privacy implications. The NHS has said that the extra time will make it possible to "build understanding of the benefits of using the information, what safeguards are in place, and how people can opt out if they choose to." Data extraction was originally scheduled to begin in autumn 2013, but was put on hold to allow for a public awareness campaign. Despite a nationwide leaflet drop, a recent poll suggests that around 45% of adults are still unaware of the scheme.
Spain imposes first cookie breach fines in the EU
Two jewellers, Navas Joyeros Importadores S.L. and Privilegia Luxury Experience S.L., have been fined by the Spanish data protection authority for using cookies without obtaining informed consumer consent and failing to clearly communicate the purpose and usage of cookies. Although the fines were small this time (EUR 4,500 and EUR 500 respectively), the Spanish DPA, which issued new guidance last year, is likely to become more vigilant and to impose more severe penalties moving forward.
German court rules that Facebook must comply with German laws
The Higher Court of Berlin has confirmed a 2012 decision in which Facebook's Friend Finder facility, its privacy policy and its terms of service were all found to breach German data protection law. The decision is in direct conflict with a ruling by the Administrative Court of Appeals of the State of Schleswig-Holstein last year, which found that Irish rules should apply to Facebook since German users' data is processed at Facebook's Dublin headquarters and not at its German subsidiary. The Higher Court of Berlin, however, decided that data processing is handled by Facebook's US parent company instead and, as such, German law applies. Facebook has a month to object to the decision.
German consumer groups to be able to sue for data protection breaches
A new bill has been announced which will allow consumer organisations to take legal action against companies which fail to comply with Germany's Data Protection Act, including by seeking cease and desist orders. German consumer groups, which are already active in bringing cases under consumer protection and unfair competition laws, have welcomed the decision. Businesses should expect to see more data protection litigation brought before the German courts in the future if the bill passes.
United States launches cyber security framework
The framework, which President Obama issued under an executive order, is part of the US government's 2013 pledge to improve critical infrastructure cybersecurity. The new cybersecurity standards establish best practices for use in all critical sectors, including government, healthcare, financial services and transport, but are voluntary. Critics have commented that the framework does not go far enough to protect privacy or to motivate companies to adopt the standards.
South Korean regulators fine card companies over breach
The three credit card companies at the centre of the huge data breach revealed in South Korea last month, KB Kookmin Bank, Lotte Card and NH Nonghyup Card, will each be fined KRW 6 million (GBP 3,371). The country's Financial Supervisory Commission said that they had "neglected their legal duties of preventing any leakage of customer information". The companies have also been banned from issuing any new credit cards for three months.