Data Protection News Digest

Here are some stories and press releases that have caught my attention this week.

International Transfers - New ICO Tool Published

Yesterday, Thursday, 17th November, the UK's Information Commissioner finally published its updated guidance on International Data Transfers and provided a Transfer Risk Assessment (TRA) tool.

The tool provides you with six questions for you to answer. The tool has been designed for simple one-way data transfers to one destination. You must modify the tool to review a complex international data transfer.

If you need clarification on International Data Transfers and you will not be alone, I hosted a webinar earlier this year, where I talked through a process to follow. The link to the recording is below.

French Defence and Technology Group Thales Hacked

Last week it was reported that Thales had experienced the 2nd cyberattack from the ransomware gang known as Lock bit 3.0 and that data was being published on the dark web. The gang asked for a ransom to be paid by the 7th November; if this deadline date were not met, data would be published. Any payment was not made, and 9.5GB of archive data was published.

It is still determined whether personal data formed part of the released information. You can read an article about the security breach below.

Suffolk Police Accidentally Publish Data on Sexual Assault Victims to its Website.

The amount of emotional distress and potential physical harm that could be caused to survivors of sexual violence by this data breach is unimaginable. Reading various articles on this matter, details released included victims' names, addresses, birth dates, and the alleged sexual offences committed.?

The incident has been reported to the Information Commissioner's Office, and I really hope that some action will be taken.

No DPO at Elon's Twitter

Elon Musk's takeover of the social media company Twitter has been on over the news. You may have read that there has been a downsizing of staff. What does this have to do with data protection? Earlier this month, CISO Lea Kissner, chief privacy officer Damien Kieran, and chief compliance officer Marianne Fogarty all walked out the door en masse. So... who is the DPO?

The TechCrunch article states that the Irish Data Protection Authority put Twitter on watch.

by signaling public concern when it said it would be putting questions to the company about the status of its main establishment in Ireland at a meeting scheduled for early this week, to discuss all the recent privacy changes since the Musk takeover.        

Unsurprisingly, there has been no response from Musk. Please click the link below if you want to read the full article.

There is never a dull day in the world of data protection. Please let me know what you think about these articles or others that have caught your attention.