Tsaaro Weekly Privacy Newsletter
15th April, 2022
AI and Data Privacy
Artificial Intelligence (AI), at its simplest, is a subfield of computer science with the goal of creating programs that can perform tasks generally performed by humans. ‘AI’ is used as an umbrella term to describe a collection of related techniques and technologies including machine learning, predictive analytics, natural language processing and robotics.
One of the most important reasons businesses want large amounts of data is to know as much as possible about the market, that is, about us. AI has made that focus more and more accurate. While businesses have become more invasive, governments have begun to consider and pass regulations that set certain limits. Privacy matters to the electorate, and smart businesses look at how to use data to find out information while remaining in compliance with regulatory rules.
AI has made the challenge both more addressable and more of a risk. The ability to train a deep learning (DL) system on large amounts of data has increased the speed of analysis and results, but the need for more and more data increases the risk to privacy.
Some privacy challenges of AI include:
- Data persistence – data existing longer than the human subjects that created it, driven by low data storage costs
- Data repurposing – data being used beyond their originally imagined purpose
- Data spillovers – data collected on people who are not the target of data collection
In one instance of AI overstepping on privacy, the Office of the Australian Information Commissioner found Clearview AI in violation of the Australian Privacy Act for the collection of images and biometric data without consent and announced its intent to impose a potential fine of over 17 million GBP for the same reason.
With increasing enforcement and new regulations underway, ensuring privacy compliance of AI systems will become a minimum requirement for the responsible use of AI.
Major Privacy Updates of the Week
Dutch Government Agencies Fined for serious GDPR violations
The GDPR transparency principle establishes that people must be able to find and understand information that data processors share with them, and that processors must provide the information in a reasonable timeframe. Processors must also inform the data subjects of changes and further processing of their data.
It comes after the Dutch Data Protection Authority (DDPA) found flaws in the way data in the National Visa Information System (NVIS) was handled and shared. The Ministry of Foreign Affairs processes the ‘special personal data’ of roughly 530,000 visa applicants through the NVIS each year – including fingerprints and passport photos. Stricter security requirements apply to special personal data, which the DDPA said were not followed at various Dutch embassies and consulates abroad that accessed the NVIS.
New malware could allow ‘low-skill’ hackers to disrupt critical infrastructure
US security agencies have warned of the emergence of new malware that targets industrial control systems. Although Russia is believed to be behind the new tools, their design could allow “lower-skilled” hackers to disrupt critical national infrastructure, researchers have warned. US security agencies including the FBI warned yesterday that “certain advanced persistent threat actors have exhibited the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition devices using custom-made tools”.
Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware
Miscreants have started abusing the recently discovered Spring4Shell vulnerability as a vector for the spread of the Mirai botnet. Trend Micro researchers have noticed the active exploitation of Spring4Shell – a critical vulnerability in VMware’s Spring Framework’s Java-based Core module – to hack into unpatched devices before infecting them with the Mirai malware. Exploitation began at the start of April in attacks focused on systems in Singapore, according to Trend Micro.
Fox configuration error leads to 13 million users’ data becoming public
A configuration error exposed millions of internal records traced back to Fox News, including personally identifiable information on employees. Per the findings of security researcher Jeremiah Fowler and the Website Planet research team, this included internal Fox email addresses, usernames and employee ID numbers for those using the company’s site.
“A large number of incidents and breaches can be traced back not to aggressive attacks, but rather to simple technical or human error,” “In this incident, a configuration error exposed millions of internal records, including PIIs on employees.”
Cash App breach affecting 8m users
Fintech giant Block, formerly known as Square, has confirmed a data breach that affected 8.2 million users, involving a former employee who downloaded reports from Cash App that contained some U.S. customer information.
In a filing with the Securities and Exchange Commission (SEC) on April 4, Block said that the reports were accessed by the insider on December 10. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance, these reports were accessed without permission after their employment ended,” the filing reads.