Privacy Experts Alarmed at Oracle’s Role in Proposed TikTok Deal

By Charles McDermid

The impact of the White House’s decision to ban TikTok and WeChat that began Sunday remained unclear, but global privacy experts were alarmed that Oracle Corp. could still become the “trusted technology partner” of the Chinese owner of the two widely popular apps.

They told Digital Privacy News that the possible deal marked the start of a global era of data localization, as nations scrambled to keep citizens’ personal data within their own borders. 

“It’s easier for a government to request data stored on its territory, provided that its laws authorize it,” said Emmanuel Pernot-Leplay, a researcher in data-protection law at Tilburg University in the Netherlands. “It’s much more difficult when it has to make a request for such data when they are stored abroad.

Schools See Rise in Cyberthreats With Online Learning

By Samantha Cleaver

This fall, back to school means back on defense.

Schools in Haywood County, N.C., started remote learning last month. They then closed abruptly because of a cyberattack.

Later in the month, Palm Springs Unified Schools in California, also virtual, reported having to clear a hacking attack. The district addressed it with teacher, student and parent training.

This is the landscape for schools for the 2020-21 year. With networks branching out into households, and hackers well aware of the value of education data, phishing and ransomware attacks are expected to be a common occurrence, experts told Digital Privacy News.

By Felix Okendo

A flaw discovered this spring within Apple Inc.’s “Sign in With Apple” feature by an India-based developer brought him $100,000 through the company’s Security Bounty Program, part of an industry genre known as “bug-bounty programs.”

“Bug-bounty programs are likely becoming an important best practice for a widening swath of industries,” Graham Dufault, senior director for public policy at ACT-The App Association in Washington, told Digital Privacy News.

Such programs offer rewards to researchers for discovering and reporting bugs in software and hardware. In most cases, the flaws are related to vulnerabilities and exploits in the products — and companies pay well for the discoveries.

By Nora Macaluso

Hacking-for-hire is becoming a bigger and more sophisticated tool in corporate espionage — and the market for such services is likely to continue, even as reports of high-profile, targeted attacks come to light, experts told Digital Privacy News.

Hacking-for-hire has become “more than just cracking a database and selling the information,” said Robert Siciliano, chief security architect at Protect Now in Boston. “Hacking today is a service, like hiring a lawyer or an accountant.”

Citizen Lab, a Toronto-based research laboratory focused on the intersection of digital technologies, human rights and global security, recently exposed a massive hacking operation targeting individuals and high-profile institutions worldwide.

By David Gargaro

Saskatchewan has the highest rates of domestic violence per capita of all the 10 Canadian provinces — 1,066 incidents reported to police per 100,000 people in 2018, for instance — and officials recently took steps to curb such actions.

In June, Saskatchewan was the first province to enact the Interpersonal Violence Disclosure Protocol Act, also known as Clare’s Law.

Municipal police can now disclose information about an individual’s history of violent or abusive behavior to help protect potential future victims of domestic abuse.

By David Tobenkin

Data stakeholders in the health care industry continue to express privacy concerns over two new U.S. Department of Health and Human Services (HHS) rules for sharing sensitive, private patient information by providers.

“We remain gravely concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws,” said Matt Eyles, president and CEO of America’s Health Insurance Plans (AHIP), after the rules were issued in March.

“Individually identifiable health care information can readily be bought and sold on the open market and combined with other personal health data by unknown and potentially bad actors.