Daily Digest (5/5)

Acting US Intelligence Chief Orders Review of Data-Handling by 17 Agencies; UK Officials Release Privacy Guidelines for COVID-19 App; Ireland Backs Apple-Google Coronavirus Tracking Device; Indonesian E-Commerce Platform Probes Data Leak of 91M Users. Click “Continue reading” below.

Acting US Intelligence Chief Orders Review of Data-Handling by 17 Agencies

Acting Director of National Intelligence Richard Grenell has ordered all 17 intelligence agencies to review how to handle and share information that identifies individual citizens to ensure compliance with privacy policies and procedures.

The review concerns whether citizens, including those with permanent residency, are in compliance with strict privacy policies and procedures, according to a memo Grenell signed last week that was reviewed by CBS News.

The agencies — the CIA, National Security Agency, military intelligence and Homeland Security, among them — have 30 days to report findings and to identify necessary actions, according to CBS.

Grenell, who became the acting chief in February, signed the memo — “Protecting the Privacy and Civil Liberties of U.S. Persons” — on April 29.

The document does not specify the impetus for the review, however.

The goal of the review, in part, is to “ensure the rules … are consistently applied,” Grenell said.

A senior administration official told CBS that the review reflected continuing concern over the handling of such individual information during the last election cycle.

Source (external link):
CBS News, Acting Intelligence Chief says he’s “increasingly concerned” over handling of sensitive U.S. person information among agencies and orders broad review 

UK Officials Release Privacy Guidelines for COVID-19 App

The U.K. Information Commissioner’s Office released a 10-point outline of its data-protection expectations for NHSX’s contact-tracing app.

“The ICO recognizes the importance of the app as one part of a package of measures in the U.K.’s fight against the COVID-19 pandemic,” the office said in a statement, “while recognizing that an app cannot be used to address all the challenges of supporting citizens appropriately.”

The guidelines included such rules as “be transparent about the purpose” of the app, “be transparent about your design choices,” “be transparent about the benefits,” “collect the minimum amount of personal data necessary” and “protect your users.”

Source (external link):
ICO org, COVID-19 Contact tracing: data protection expectations on app development 

Ireland Backs Apple-Google Coronavirus Tracking Device

Ireland has opted for a virus contact-tracing telephone app backed by Apple Inc. and Google, saying the device “maximizes the protection of privacy.”

Ireland Health Minister Simon Harris said the app was “ensuring continuing alignment with the EU guidance” on data protection, BBC News reports.

But Harris cautioned that the option also should be the most effective.

“The Irish team is working closely with EU counterparts and with the NHS to support the achievement of interoperability, recognizing that no one country alone can resolve that,” Harris said in a statement.

Despite potential obstacles, the goal is “to ultimately achieve interoperability internationally within the EU and between Ireland, Northern Ireland and the U.K.,” he said.

Source (external link):
BBC, Coronavirus: Ireland and UK opt for different tracing approaches 

Indonesian E-Commerce Platform Probes Data Leak of 91M Users

Tokopedia, Indonesia’s largest e-commerce platform, said it was investigating an attempted hack and claims that the details of millions of its users had been leaked online.

“We found that there had been an attempt to steal data from Tokopedia users,” a company spokesman told Reuters over the weekend.

“However, Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption.”

On Saturday, Under the Breach data-monitoring firm published a Twitter post showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a hack in March on the site.

The screenshots showed names, emails and birthdays. The hacker also alleged to have possession of a much larger user database and asked for assistance to “crack” passwords.

Under the Breach said Sunday that the hacker had updated the post to offer the details of 91 million users for “$5,000 on the Darknet.”

The firm shared a screenshot of the hacker’s proposed offer that was posted online, Reuters reports.

Source (external link):
Reuters, Indonesia’s Tokopedia probes alleged data leak of 91 million users

— By DPN Staff