Recently, data leakage incidents have once again attracted public attention. Sweden experienced the most serious data leak in history, with more than 100 million users of India’s telecom operator Jio information “stuck.” Under the UK New Data Act, companies such as Google and Facebook, which have a large amount of data and user information, have received heavy penalties. The battle to defend data privacy worldwide has been further upgraded.
Data leakage is everywhere
There have been a number of data breaches in the recent past, involving various types of data from multiple countries, indicating that the risk of global data leakage has not received sufficient attention.
Last month, Sweden experienced the largest data breach in history. Swedish Prime Minister Levin announced the removal of the duties of the Minister of the Interior, Anders Yyeman, and the Minister of Infrastructure, Anna Johansson, on the grounds that the two had improperly dealt with a traffic data leak incident. Swedish media quoted Levin as saying that this was a disaster.
On July 24, the Swedish government admitted that large-scale data leakage occurred in the outsourcing of Internet engineering services. According to Swedish television, in order to save costs by streamlining the process, the Swedish Transport Authority outsourced the IT system management and maintenance project in 2015. However, during the outsourcing process, it illegally operated and uploaded the uncensored traffic database to the outsourcing company in another country. database.
One of the outsourcing companies is the IBM Sweden branch. The company's servers are actually located in the Czech Republic, meaning Czech computer engineers employed by the company can easily access sensitive data. Another outsourcing company is a Serbian communications company that is responsible for maintaining the Swedish Transport Authority's network firewalls and communications systems, as well as having access to relevant data.
Information that may have been leaked includes information on Swedish motor vehicle drivers, sensitive information on bridges, subways, roads, and ports, and even the Swedish police and military’s vehicle information and defense plans.
Another message revealed that the Swedish Transport Authority also had major security risks in uploading data. For example, the staff first uploaded all data to an unprotected cloud server, and then sent the link to the outsourcing company via email.
The former head of the Swedish Transport Authority, Maria Agron, was dismissed in January this year and was fined 70,000 Swedish kronor (about 5.8 million yuan), but the government did not disclose the reasons for the first time. The Swedish Transport Authority only recently admitted that Agglunn bypassed a number of laws and regulations and internal regulations that protect sensitive information during the outsourcing process.
Hacking also exposes user information. The US “Fortune” website reported that Trump International Hotel Management Co., Ltd. on July 11 said that due to the hacking of a service provider’s system, customer’s credit card payment details of 14 hotels were leaked.
A notice on this hotel website showed that hackers attacked Sabre's central booking processing system, which caused the disclosure of customer booking information in some hotel chains. The information leaked included the payment card number and the security code of the card. . The attack was part of a cyber attack on the Sabre booking system disclosed in May this year. Worldwide, Sabre's reservation system is used by nearly 32,000 hotels. Sabre informed Trump hotels on June 5 that customer information was leaked at Trump chain hotels in Las Vegas and Chicago. Sabre said that the leak occurred only at Sabre Hospitality Solutions, the hotel's reservation service system. The hotel computer system itself was not affected.
It is worth mentioning that last year Trump Hotels had more than 70,000 credit card numbers and more than 300 social security number leaks. As the guests were not informed immediately, Trump Hotel was fined $50,000 by the State of New York. As part of the settlement agreement, the hotel agreed to pay a fine and agreed to update safety technology. Obviously, the system was attacked again means that the hotel failed to fulfill its commitment to protect the security of the system.
According to the UK’s technology news site The Register, it was reported that in July of this year, the data.gov.uk website users’ names, emails, and passwords were found to be accessible on third-party websites. Users who registered this site before June 20, 2015 were affected. The British Government Digital Services Agency stated that it immediately removed the data from the public area and reported it to the relevant agencies. The British government has suggested that users who are leaked information need to reset their passwords.
A similar situation has occurred in India, but it is bigger and more harmful. In early July, some media reported that the information of more than 100 million users of Jio, a telecommunications operator in India, was leaked. Users found that entering a mobile phone number under the Jio network on the Magicapk.com site to make inquiries will include users of this number. The name, email address, activation date of the number, network access location, personal identification number and other personal information. This is seen as the largest data breach in the history of the Indian telecommunications industry. Subsequently, the website suspected of divulging information has been unable to open.
Network security analyst Srinivas Kodayi said that these user information appeared on a web forum as early as June of this year. It also appeared in the “dark network” (the huge number of “stealth” websites on the Internet). Screenshots of user information. Jio is affiliated with Indian Reliance Industries and is a rising star in India's mobile communications market. The faithful chairman Mukesh Ambani was named the richest man in India by Forbes magazine.
Data security supervision needs to be improved
The frequent occurrence of data leakage events exposes the governance loopholes in the Internet era. It also exposes many contradictions in data privacy protection and supervision, protection and sharing in the Internet era, and sets higher requirements for the formulation and implementation of relevant laws and regulations in various countries.
After the disclosure of the Swedish Transport Authority’s disclosure of information, although there is no evidence that such information has fallen into the hands of criminals, it has caused the turmoil in the Swedish political arena. The chairman of the opposition party at the press conference severely accused the current government of protecting Swedish national security. Seriously blamed. The opposition coalition plans to launch a vote of no confidence in the defense ministers and other officials and demand that they step down to be responsible for the leak.
Swedish Prime Minister Levin admitted that the leak was a failure of Swedish cyber security. He revealed that the Swedish government is drafting a new security act that imposes stricter regulations on outsourcing businesses that involve national security. The bill will take effect in January 2019.
In fact, in the EU, the protection regulations for data security are constantly improving.
In December 2015, the European Union adopted the "Regulations on General Data Protection." In the form of European Union legislation, the principle of protection of personal data and supervision methods have been established to prevent personal data from falling into a "streaking" situation. Regarding the question of the free flow of information that plagued the EU and the United States, the European Court of Justice also issued a ruling rejecting the EU’s agreement with the United States “Information Security Harbour”.
After the “Prism Gate” incident, the United States set off a climax of personal information protection. In addition to the “Privacy Protection Law,” laws such as the “Children's Online Privacy Protection Act,” “Email Privacy Act,” and new regulations for privacy protection of broadband users have been issued one after another. Regulations. In addition, the United States has also joined hands with the European Union to create an "European and American Privacy Shield" agreement to replace the previous "Information Security Port" agreement to protect the security of transnational personal data.
Some major British institutions have been hacked to varying degrees this year. For example, after the British National Health System service system was invaded by ransomware viruses in May, many hospitals were paralysed and had to stop receiving patients. Medical services such as ambulances were also affected, which led many experts to urge the government to strengthen data protection.
The United Kingdom itself has long had data protection laws. But many years ago, the United Kingdom had an “age” plan and shared the United States National Security Agency’s determination of suspected targets and access to communications records of the people, such as reading call records, email content, and social networking sites. Information such as login method. Some telecom companies were forced to choose to transfer “part or all” of their communications services overseas. Enterprises and overseas communications service providers had to agree privately with the British authorities to allow intelligence agencies to have access to communications data outside the United Kingdom under “appropriate legal authority”. .
As data privacy and security issues become more and more prominent, the British government announced that it will revise relevant legal provisions and strengthen the protection of personal data privacy.
The situation in the UK reflects the gradual progress from disharmony to perfection in supervision and privacy protection. In fact, this situation also exists in other countries.
For example, in order to prevent organized terrorist acts, Australia’s “Compulsory Retention of Communications Data Act” took effect in March 2015. Through legislation, the Australian government requires its domestic telecommunications operators Telstra and Optus to save user's communication data, such as telephone records, IP address, detailed information of SMS, address of data, etc., and the retention period is 2 years.
In this regard, Australians have their own opinions. Most people expressed support for this, agreeing to use the taxpayer’s money to apportion the high cost of A$131 million per year required for the network company to store its data. There are also civil liberties advocates believe that this may reveal personal privacy instead. This new data law was implemented in the dispute.
In India, in 2013, its government launched a wide-ranging surveillance system that allows the government to eavesdrop on conversations in recorded telephones, read private emails and text messages, monitor postings on social networking platforms such as Facebook and Twitter, and track individuals Search targets and traces on Google. The security department does not need the court's monitoring orders, nor does it need to tell the operator to obtain communication materials. Until now, India has no formal privacy laws.
Germany has the strictest privacy protection law in the world. In 1977, the Federal Government of Germany introduced the "Federal Data Protection Act" applicable to Germany as a whole. The scope of the restriction includes areas such as electronic communications and the Internet to prevent privacy violations caused by leakage of personal information. Within the government, the Federal Commissioner for Data Protection and Freedom of Information has also been set up to oversee the actions of government agencies in the protection of personal data. German states also have data protection commissioners to supervise the behavior of state government agencies in a similar manner.
Even so, there is controversy regarding the protection of personal information. After the famous "Wings of Germany" crash, this controversy never stopped in Germany.
Business opportunities and restricted areas coexist
Protecting data privacy is becoming more and more important, which is undoubtedly a boon to users. For different companies, the protection of data privacy means not only business opportunities but also more restrictions.
Data privacy protection brings business opportunities. Intel recently announced at the "Intel Xeon Scalable Processor Conference" held in New York that it is working with financial innovation company R3 to strengthen data privacy and security of its Corda blockchain platform.
As part of solving Corda data privacy and security, the platform only sends data to “need to know” people, unlike most blockchain applications. This feature stems from the requirements of financial institutions and needs to ensure the confidentiality of trade and agreements. Corda has solved many problems identified by more than 80 members worldwide. For Intel and R3, the need for data privacy protection has undoubtedly spawned new business opportunities.
Emerging companies are also involved in the data privacy protection industry.
Privitar, a UK fintech start-up, recently announced that the company has secured a $16 million Series A round of financing that will be used to expand its technology platform and expand its business in the US market. The company’s co-founder and chief executive officer, Jenson Bretz, characterized it as “private engineering” and stated that its goal is to predict customer behavior through big data analytics, while ensuring that customer privacy information is kept strictly confidential. Increase the value of your data.
At the same time, due to data privacy issues, some companies have been warned or convicted of breaking the law.
British media reported in August that the British government will introduce a new law designed to supervise and force social media companies and online traders to delete people’s personal data and protect their rights and interests. The British Digital State Minister Matt Hancock said that this is a "forgotten right" for these companies. From then on, they can no longer use the default online "tick check box" to unconditionally use the people's personal information.
According to the Act, the Office of the UK Information Commissioner has the power to impose a fine of up to 17 million pounds (approximately 149 million yuan) on companies that violate the data laws, or to collect 4% of the company’s global turnover. However, one of the main purposes of the bill is to replace the data protection law and ensure that the UK's laws comply with the EU's General Data Protection Act so that the data can continue to circulate in the UK after the Brexit. The definition of “personal data” will also be expanded to include IP addresses, Internet cookies and DNA. At the same time, new criminal offences will be defined, preventing some companies from identifying anonymous information on a deliberate or reckless basis.
Although the new data bill has yet to be announced in more details, the outside world believes that this move by the UK is undoubtedly the strongest warning to Google, Facebook and other technology companies that use user data to push advertisements and sell products. Facebook ads that pop up from time to time on Facebook will disappear on the UK regional page, and users are expected to switch from being forced to sign commercial email messages to the mode of obtaining such information if they need to expressly agree.
In early July of this year, the UK’s highest privacy protection regulator also ruled that DeepMind’s important medical experiment violated the UK’s data protection law.
Google’s DeepMind has reached an agreement with the UK National Health Service NHS Trust to allow access to the medical records of approximately 1.6 million patients in three NHS hospitals. However, the UK’s highest privacy protection regulator stated that the experiment did not tell patients how to use medical record data.
The department believes that when DeepMind launched the experiment, the main purpose was to see if the mobile application APP worked properly and whether the medical staff liked the interface, rather than trying to improve the treatment effect. Elizabeth Denheim, the UK information commissioner, said: “Patients do not want their information used in this way.” Later, DeepMind and the NHS signed a commitment to change the way data is processed.Acrylic Anti Blue Light Filter, Blue Light Screen Protectors, Blue Light Filter For Pc, Anti Blue Light Filter
