The Weekly Privacy Rewind

Author:Mr Aaron R. Lancaster


Global Shipping Company Svitzer Announces First Data Breach Under Australian Data Breach Notification Laws

" Global shipping company Svitzer has the dubious distinction of being the first company to provide notice under Australia's new data breach notification law, notifying the Office of the Australian Information Commissioner (the OAIC) and almost 500 Australian employees of a breach that exposed tax file numbers, superannuation account numbers and the names of next of kin, among other things.

" Under the new law, companies and Australian government agencies are required to disclose a breach if the data includes personal information that is likely to result in serious harm.

" The OAIC said that it "will assess the information in the notification and decide if any further action is required."

Class Actions

Illinois Hospital Worker Files Putative Class Action Under BIPA

Suburban Chicago's Northshore University Health System was sued on Monday in Cook County Circuit Court for violating Illinois' Biometric Information Privacy Act (BIPA) by requiring employees to scan their retinas or hands before accessing certain restricted hospital areas. The complaint alleges that Northshore failed to inform the defendant or the putative class of the purposes for collecting employees' biometric data or for how long such data would be collected, stored or used. The complaint seeks statutory damages of $5,000 for each willful or reckless violation of BIPA or $1,000 for each negligent violation. Data Breaches

Orbitz Announces Data Breach of Approximately 900,000 Payment Cards

Online travel company Orbitz announced on Tuesday a potential data breach that may have exposed payment card data for as many as 880,000 Orbitz customers. The breach likely took place between Oct. 1 and Dec. 22, 2017, and was discovered by Orbitz on March 1, 2018, while it was investigating an older platform. According to Orbitz, which was acquired by Expedia in February 2015, although the information was unsecured, there was no direct evidence that the information actually was exfiltrated from its platform. Orbitz also announced that it did not find "any evidence of unauthorized access to other types of personal information, including passport and travel itinerary information. For U.S. customers, Social Security numbers were not involved in this incident, as they are not collected nor held on the platform." Data on 1.3M Consumers of Walmart Jewelry Partner...

To continue reading