News Alerts and Breach Report for Week of September 26, 2022
Indonesia Passes Data Privacy Law
On September 20, 2022, Indonesian parliament passed a new law that will provide Indonesian consumers with increased protections. Under the law, data holders are prohibited from “leaking,” misusing, or falsifying Indonesian consumers’ personal information for their own personal gains. Data holders who violate the law by leakage or misuse could face up to five years of jail and those who falsify information could face six years under the legislation. Additionally, violating parties who leak consumer information could be assessed fines as high as two percent of the company’s annual revenue or could be subject to their company property being confiscated or auctioned off. With this new regulation, Indonesia became the fifth country in the Southeast Asian region to establish a data protection regulation, following Singapore, Malaysia, Thailand and the Philippines.
TikTok Facing $29 Million Fine From UK
As data privacy regulators crack down on how controllers use children’s personal information, tech companies keep getting hit with fines. Earlier this month, Meta and Google were slapped with more-than $70 million in fines due to their mishandling of children’s information, and Spain’s DPA fined Google again this week. And TikTok is now facing a similar fine in the UK. Accordion to The Hill, “TikTok allegedly breached the U.K.’s protections for children’s data privacy between May 2018 and July 2020, in part by processing the data for children under 13 without appropriate parental consent, according to an investigation by the U.K.’s Information Commissioner’s Office (ICO).” ICO also cited TikTo’s failure to provide users with a transparent explanation of how their data is handled. TikTok publicly disagreed with the allegations.
Airlines Seek Privacy Regulation
Who regulates data privacy in the air? That’s the question the International Air Transport Association (IATA) wants answered. The organization last week submitted a working paper to the 41st ICAO Triennial Assembly inquiring about which regulators airlines should comply with when handling consumer data. IATA’s director of legal services, Lesli MacIntosh noted the confusion and compliance headache facing the industry: “After all, passengers must provide personal information to an airline to travel internationally, and their data must move with them as an inherent and expected aspect of the journey. There are airline-to-airline, airline-to-provider, and airline to-government data exchanges. If any part of this is disrupted by cumbersome legislation, the passenger will suffer inconvenience, delays, or even denial of travel.” IATA is hoping for an international treaty, or at least to have airlines’ unique positions considered when regulators draft laws.
Massachusetts Delays Privacy Law
The Massachusetts Legislature has delayed a decision on a data privacy bill. An Act Relative to Consumer Data Privacy (S.120) was introduced in 2019 with a private right of action included. After much debate, another bill was introduced to replace S.120 in 2021. The Massachusetts Information Privacy and Security Act (H.142) also failed to pass, and was replaced again by the Massachusetts Information Privacy and Security Act (H.4514). That bill is currently being reviewed under a study order with the Joint Committee on Health Care Financing.
Australia Looks to Improve Data Breach Alerts
After Australian telecom giant Optus disclosed a giant data breach last week, Cybersecurity Minister Clare O’Neill announced pending reforms to the country’s data privacy rules, and Prime Minister Anthony Albanese suggested that financial institutions should receive alerts when such breaches happen. Trevor Long, a tech industry analyst in Sydney suggested an even simpler solution: “The government needs to put in place a simple credit-blocking mechanism for people to use to turn off the ability for credit to be applied for under their name. Turn it on when you want a loan or credit card, turn it off when you don’t. That off switch effectively cuts off any fraudsters at the first hurdle.”
BREACH REPORT:
* * * * * * *
To read our article on recently introduced amendments that would extend the California Consumer Privacy Act’s (“CCPA”) temporary exemptions for the collection of personal information derived from job applicants, employees, and contractors (collectively, the “workforce”) for an additional two years until January 1, 2025, click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
This week our guest, Carlos Solari, VP of Product for SecureG, Inc., will join our host Jody Westby to discuss t 5G availability, how an orchestrated 5G attack could occur, how to rethink the security problem with 5G, and how 5G is connected to national security. New episodes are generally released each week, here. They can be enjoyed on Spotify and Apple Podcasts.
Our most recently released episodes:
78 | The Nexus Between Privacy, Cybersecurity & National Security
77 | Privacy & Cybersecurity Whistleblowers: A New Trend?
76 | Privacy Governance v. Cybersecurity Governance
Don’t forget to subscribe!