• ADG Consultants

Briefing: Global Data Governance Headlines (October 2019)


Global: 7 million Adobe Creative Cloud account records were left exposed on the internet. IT security analysts did not known when the database first appeared. The data was not particularly sensitive, those leaked data include email address, account information, member IDs and payment status etc. [1]


AUS: 7-Eleven fuel app suffered a data breach that allowed customers to view the names, email addresses, mobile numbers and dates of birth of other users. In Australia, companies are required to inform the Office of the Australian Information Commissioner regarding data breach that is likely to result in serious harm. [2]


HK: The Privacy Commissioner for Personal Data, HK (PCPD) has released a media statement in response to the recent increase of doxing activities on the internet in Hong Kong, which has become a major concern for privacy protection. The PCPD stated that it has encountered multiple difficulties in investigation and follow-up actions. The PCPD opined it is necessary to enhance its investigation and enforcement powers, such as: -


(1) giving the PCPD clear powers to conduct comprehensive investigation and direct prosecution of criminal offences under PDPO;


(2) amending the scope of protection to include platforms and webpages that have relatively close connection to Hong Kong;


(3) The PCPD being able to directly issue prohibitive orders to require the relevant social media platforms or websites to remove and stop uploading “doxing contents/posts and to require the relevant social media platforms to provide personal data of those posting “doxing” messages;


(4) Expanding the scope of legal assistance provided to the victims by the PCPD to assist the victims to apply to the court for an interim injunction;


(5) join forces with other jurisdictions to develop a mutual assistance mechanism in the investigations of criminal offences relating to personal data so that “doxing” acts on the internet could be tackled with concerted efforts. [3]


Legal: The Australian Competition and Consumer Commission (ACCC) began proceedings against Google in NSW, alleging it breached the law through series on-screen representations made as users. The ACCC alleges that when customers set up Google accounts on phones and tablets in 2017 and 2018, they would incorrectly believe that “Location History” was the only setting that affected whether Google was collecting user’s location information. In fact, “Web & App Activity” would also need to be switched off if users did not want their location data collected. [4]


[1] ‘7 million Adobe Creative Cloud accounts exposed to the public’, Comparitech, dated 25 October 2019 (https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/)


[2] ‘7-Eleven fuel app data breach exposes users’ personal details’, The Guardian, dated 25 October 2019 (https://www.theguardian.com/technology/2019/oct/25/7-eleven-fuel-app-data-breach-exposes-users-personal-details)


[3] ‘Privacy Commissioner’s Response to Media Enquiries about Chief Executive’s Suggestion of the Need for Legislative Amendment to Tackle Doxxing’, PCPD’s Media Statement, dated 18 October 2019

(https://www.pcpd.org.hk/english/news_events/media_statements/press_20191018.html)


[4] ‘Google sued by ACCC after allegedly misleading customers over location data collection’, The Guardian, dated 28 October 2019 (https://amp-theguardian-com.cdn.ampproject.org/c/s/amp.theguardian.com/technology/2019/oct/29/google-sued-by-accc-after-allegedly-misleading-customers-over-location-data-collection)

5 views

© 2020 by Aurum (Data Governance) Consultants Ltd