Data Privacy News Bytes 13th January 2020

The California Consumer Privacy Act (CCPA) Comes Into Force

On the 1st January the highly anticipated CCPA came into force, with implications globally for businesses who process the personal data of Californian citizens.

To find out more about the CCPA, including who it applies to and what the requirements are, take a look at our CCPA blog post and keep an eye out for Sovy’s CCPA Privacy Essentials, coming soon.

ICO Delay BA and Marriott Fines

The ICO issued a delay to the fines due to be imposed on British Airways and Marriott. The fines will now be issued on the 31st March 2020. Between then and now, both companies will be given the opportunity to contest the value of the fines.

Most Cookie Consent Managers Flout EU Rules, Study Finds

A study carried out by MIT, UCL and Aarhus University suggests the 11.8% of the most popular Consent Management Platforms (CMP) fail to adhere to the EU rules around cookie consent, which must be informed, specific and freely given.

Unlike many alternative providers, the Sovy Cookie Consent Manager is adheres to the requirements set out in the GDPR, and is available to users on all of our GDPR Privacy Essentials packages, including the Free Start package.

DSG Retail Limited Fined £500,000 Under GDPR

The ICO issued a fine to DSG Retail Limited after a cyberattack affecting at least 14 million people. Personal data including card details, names, email addresses, postcodes and failed credit checks were accessed.

The retailer was found to have inadequate safeguards in place to protect the personal data from attack.

HSE Ireland Must Pay Millions to Secure Files

The HSE, Ireland’s healthcare authority, will have to hand over millions in unnecessary fees to Microsoft after failing to upgrade most of their systems to protect against cyberattacks.

Many PCs were still running Windows XP or 7, making them highly vulnerable to cyberattacks, despite repeated warnings from Microsoft and IT security experts.

Travelex Suffers Massive Cyberattack – Halts Currency Service

After a massive ransomware cyberattack, currency service Travelex shuts down its currency service causing problems at Lloyds, RBS, Barclays, Sainsburys and Tesco – all of whom buy their foreign currency from the firm.

Travelex claim there is no evidence that customer data has been compromised, but the hacker group claiming responsibility says it has downloaded 5GB of customer data and are threatening to sell it online if Travelex don’t pay a six-figure ransom. An ICO spokesperson said Travelex had not made any data breach report to them, as of the 9th January 2020.

Facebook Claim CCPA Doesn’t Apply to Them

Despite holding one of the world’s biggest repositories of personal data, Facebook claim that the CCPA doesn’t apply to them and they therefore will not change the way the process personal data.

Their reasons for this decision are complex but hinge on one key argument around the way the enable advertisers to target their ads.

Ultimately it is a risky decision, since Facebook could faced penalties of thousands of dollars for each individual who successfully raises a complaint. No doubt they will rely on being able to prove their logic in court.

Austria’s Foreign Ministry Subject to Serious Cyberattack

Austria have reported a serious cyberattack levelled at their foreign ministry, thought to have been carried out by another country. The ministry said they recognised it very quickly and took immediate steps to rectify the situation.


Protect your organisation with eLearning, tools and advisory services from Sovy.