Uber hides US driver data breach
It has been revealed that Uber, the app-based taxi service, hid a security breach that may have affected approximately 50,000 of its US drivers for several months. In a blog on Uber's website, the company said that the breach occurred on 13 May 2014, and was not discovered until 17 September; however, drivers have only recently been notified. Uber said that there have been no reports so far of the information being used for fraudulent purposes.
Obama releases Draft Consumer Privacy Bill of Rights Act
Last Friday, the White House released its draft Consumer Privacy Bill of Rights Act, following President Obama's announcement that cyber security would be a priority of the administration. The Act broadly tracks the language of a 2012 draft and covers any "person that collects, creates, processes, retains, uses, or discloses personal data". The proposal has been criticised for giving people too little control over their data and companies too much power to use consumers' information.
US establishes new agency to collect cyber security intelligence
Last week, President Obama instructed the Director of National Intelligence to establish the Cyber Threat Intelligence Integration Center (CTIIC). The CTIIC combines intelligence from various sources, including the FBI, CIA and NSA to provide "a cross-agency view of foreign cyber threats, their severity, and potential attribution".
European Data Protection Supervisor announces its 4 year strategy
The European Data Protection Supervisor (EDPS), an independent supervisory authority devoted to protecting personal data and privacy in EU institutions, released its 2015-2019 strategy this week. The EDPS outlined three main strategic objectives: (i) the digitalisation of data protection; (ii) forging global partnerships; and (iii) adopting and implementing new data protection rules. Special attention will be given to the challenges of cloud computing, big data analytics, the internet of things and techniques for electronic mass surveillance.