Data Privacy

Shape Security Launches Tool that Blunts Impact of Leaked Passwords

Shape Security, a company composed of ex-Google employees and Department of Defense officials, recently launched a product that can mitigate the effects of stolen passwords from massive breaches. The tool, called Blackfish, works by identifying “credential stuffing” activities, where hackers use scripts to try the leaked passwords in bulk. Once Blackfish detects such activity, it will mark the passwords as compromised. In addition to Blackfish, the company is also creating a customer network to create a collective defense system against such activity. Source: TechCrunch

Data Privacy Principles and Rights

The Data Privacy Act of 2012 (hereinafter, DPA or Act) is the Philippines’ first data privacy law. This landmark legislation is instrumental in obtaining the needed investments for the Philippines’ booming information technology-business process outsourcing (IT-BPO) industry.1 The industry involves the heavy processing of confidential and personal information.2 With the DPA, information collected is safeguarded from security incidents.3 In order to protect data privacy, an entity covered by the Act must, among other things, observe the data privacy principles4 and uphold the rights of the data subject5. I. Data Privacy Principles There are four general principles with respect to the […]

Hacker Holds Student Info of Canadian University for Ransom

A Canadian university was recently attacked by a hacker who stole confidential student information and held it for ransom. The hacker demanded $23,000 from the management of the University of Fraser Valley and threatened to release the info if the ransom was not paid within 48 hours. The hacker apparently broke into the university’s network and obtained information which included names, email addresses, phone numbers, physical addresses, grades information, and partial financial details. The University admitted to the breach last Monday and took its email system offline until November 6 to prevent the circulation of emails containing the sensitive data. […]

Singapore’s Personal Data Protection Commission Launches DPMP and DPIA Guides

Last Wednesday, Singapore’s Personal Data Protection Commission published two guides which intend to help organizations improve policies and practices in relation to personal data management. The Guide to Developing a Protection Management Programme (DPMP) details a systematic framework which organizations can use to set up a personal data protection infrastructure, while the Guide to Data Protection Impact Assessments (DPIAs) provides key principles and illustrations for use in assessments where data protection risks are identified and addressed. Source: PDPC

Data from Malaysian Breach May Have Been Available for Some Time

According to the founder of Lowyat.net, the personal data of millions of Malaysians involved in the recently revealed data breach may have already been available online for some time. Vijandren Ramadass said that a user previously tried to sell him the leaked data, which contains the mobile phone numbers, identification card numbers, home addresses, and SIM card data of 46.2 Malaysians, and possibly tourists. Upon further investigation, he found that the data was already downloadable for free on the dark web, which led him to believe that the data had been there for a while. Ramadass told Reuters that […]

Yubico Launches World’s Smallest Hardware Security Module

Earlier this week, hardware company Yubico launched the world’s smallest and cheapest Hardware Security Module (HSM), called the YubiHSM 2. The module, which is used by servers and IoT gateways for managing authentication and encryption, is a lot smaller than other HSMs currently on the market. It comes as an ultra-slim “nano” USB key the size of a thumbnail, which addresses the problem of bulky hardware. It is also equipped with features including Secure Microsoft’s Active Directory Certificate Services. It also provides enhanced protection for cryptographic keys, supports Windows, Linux, and Mac OS, and enables 16 concurrent connections. Source: ZDNet

Compliance Requisites under the Data Privacy Act for Foreign Entities

I. Extra-territorial Application of the DPA The Data Privacy Act (hereinafter, DPA or Act) and its Implementing Rules (hereinafter, IRR) apply to both natural and juridical persons who are involved in the collection, recording, organization, storage, updating, consultation, erasure, or destruction of personal information. The DPA is applicable even if the processing is conducted abroad, so long as it relates to personal information of Philippine citizens or residents. For instance, dating websites which handle personal information of Filipino citizens or residents are therefore covered by the Act. Match.com, which is established in Texas and operated beyond the Philippines’ territorial jurisdiction, […]

Chrome May Deprecate Support for HTTP Public Key Pinning

Earlier this week, Google announced that support for HTTP public key pinning (HPKP) in Chrome may be deprecated. The IETF standard was written by Google’s own engineers for the improvement of web security, but the company now considers it to be harmful. With HPKP, websites can instruct browsers to remember the public keys of a specific web server for a given duration, and researchers say that this can pose a security issue if an attacker were to install malicious pins or headers. Instead of HPKP, the Chrome team is now endorsing the use of Certificate Transparency and the Expect-CT header. […]

Kaspersky Says Dating Apps Vulnerable to Hacking and Privacy Violations

Earlier this week, cybersecurity company Kaspersky said that a lot of dating apps may not be handling private user data as securely as one would expect. In a study that included nine popular mobile online dating apps – Tinder, Bumble, OkCupid, Badoo, Mamba, Zoosk, Happn, WeChat, and Paktor – Kaspersky found that 4 apps may potentially reveal the real name of a user who uses an online nickname. The said websites and their developers were already informed of the privacy issue. Some acted on the information and made the necessary changes. However, not all promised to fix all the vulnerabilities. […]

FCC Won’t be Voting on Net Neutrality, Chair Confirms

FCC Chairman Ajit Pai recently confirmed in a blog post that voting on the “Restoring Internet Freedom” proposal this November is not included in the agency’s docket. TechCrunch revealed, however, a number of other things that the FCC will be voting on next month, which include the modernization of media ownership rules. The rule involves the elimination of rules that limit the cross-ownership of broadcast outlets and TV/radio stations, as well as striking the “eight voices” rule protecting independently owned stations. TechCrunch noted that even though many of the items on the FCC’s list were considerably “routine” and easy to […]

Read more about the Data Privacy practice at Disini & Disini Law Office