SoylentNews is people

posted by hubie on Tuesday January 31 2023, @03:48AM
from the your-PSA-of-the-day dept.

Data Privacy Day rolls around year after year, and data privacy breaches likewise:

There are continued breaches of data privacy, and according to Omdia's Security Breaches Tracker, approximately two-thirds of security breaches involve data exposure, many of these of personally identifiable information (PII). Data Privacy Day serves to highlight the inadequacies of data protection and to support the confidentiality of information.

Omdia's Cybersecurity Decision Maker survey, conducted in the second quarter of 2022, found that 32% of organizations are "extremely confident" in their organization's security controls, and a further 58% describe themselves as "reasonably confident." However, this confidence is likely misplaced. The same survey found that 77% of organizations have suffered numerous security incidents and breaches, some with a severe impact on the organization. Realistically, strong security controls should be preventing some of these incidents and breaches.

[...] Better cyber hygiene would result in few breaches of data privacy; however, cyber hygiene is not a one-and-done task. Cyber hygiene can be defined as the good practice that all organizations can follow to minimize the opportunity for cybersecurity incidents to materialize. Examples include timely patching, password management, backups, and more.

[...] Data privacy legislation has been enacted around the world, and there are plenty of examples of breaches of data privacy legislation. A significant fine of €390 million was issued to Meta (which owns Facebook) for breaking EU data laws on using personal data to deliver targeted advertisements. The ruling rejected Meta's argument that when people engage with social media platforms, such as accepting terms and conditions, they are actually agreeing to receive personalized ads. The ruling was made this month (January 2023), and Meta plans to appeal the decision.

Some consumers are becoming more savvy about their data and how it should be kept private. However, apathy and lack of knowledge are also evident among customers when it comes to data privacy: Many are not always aware of what they are signing up for or don't care about what they are signing for because they get something for free.

[...] It is incumbent upon those responsible for data privacy at an organization to look after their customers' data in the same way that they would expect other organizations to look after personal data about them. There is no doubt that maintaining data privacy is a challenge, but it must be tackled head on as a component of winning and maintaining customer trust. Data Privacy Day serves to remind everyone that data is precious and must be looked after.


  • (Score: 2, Insightful) by Anonymous Coward on Tuesday January 31 2023, @04:20AM (2 children)


    The Commonwealth Bank now requires all customers to allow their photo identification such as a driver's license to be scanned. CBA does not state exactly what they do with this data [commbank.com.au] and how it will be used, which in itself appears to be a breach of the Australian Privacy Act [oaic.gov.au]. Specifically, "open and transparent management of personal information [oaic.gov.au]". I have asked what exactly they are doing with the scan of photo ID information for which they refuse to say. CBA also appear to be violating APP3 [oaic.gov.au] - Collection of solicited personal information - Personal information must only be collected by lawful and fair means and Collecting personal information that is ‘reasonably necessary’ for an APP entity’s functions or activities. CBA cannot answer why a scan of a photo ID is required as opposed to sighting the ID or using the ID number to validate it. They cannot or will not answer these questions, and they must do so.

    How can we trust these people?

    • (Score: 0) by Anonymous Coward on Tuesday January 31 2023, @04:36AM


      The Optus data breach [cyber.gov.au] affected half the Australian population. Do businesses really need to store a scanned copy of everyone's ID? Is this just to collect people's face information for biometrics? Is there any way to find out?

    • (Score: 3, Interesting) by jb on Wednesday February 01 2023, @04:49AM


      How can we trust these people?

      Why look for a way to trust the untrustworthy?

      More useful questions might be: which banks do not practice such skulduggery? And how quickly can you move all of your accounts there?

      In other words, vote with your wallet.

  • (Score: 1) by shrewdsheep on Tuesday January 31 2023, @10:47AM (3 children)


    I am not aware of any breach of actual transaction data of banks. It seems to me that data can be protected if there is willingness and funding to implement appropriate procedures. It just seems that shortcuts are being made as soon as punishment seems mild enough. The only way forward seems to be to fine companies or institutions heavily not just for consciously breaking the law (Meta) but also for any data breach whatsoever.

    • (Score: 4, Interesting) by HiThere on Tuesday January 31 2023, @02:18PM (1 child)


      No. The only way forwards is to fine the MANAGEMENT of the companies. Fining the companies doesn't help when the managers that made the decision may have left already. Companies don't really exist as entities, but only as organizations. The procedural decisions come from the management.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 3, Insightful) by acid andy on Tuesday January 31 2023, @03:36PM


        Won't that lead to some sneaky tactics where somehow the little guys are forced into being dressed up as the legal "management" whilst somehow deprived of any true decision making power (probably via some kind of pressure) and not paid as much as the original management of course. Those figureheads become the future scapegoats while the guys making the big bucks go free. In that situation you'd have to go after whoever's making a large income from the organization and you'd better be sure the income's not being hidden. Constant scrutiny is needed.

        --
        If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
    • (Score: 0) by Anonymous Coward on Wednesday February 01 2023, @12:16PM
