Friday Five: 2/15 Edition
Learn how two decades of data was destroyed, doctors snooped on patient records, and how Netflix's honors GDPR requests - all in this week's Friday Five.
1. Netflix records all of your Bandersnatch choices, GDPR request reveals by Jon Porter
Some fascinating but probably not too surprising news re: GDPR and data storage this week. When Netflix released Bandersnatch, a choose-your-own-adventure style movie in December, it seemed like practically everyone was talking about it. It turns out Netflix knows exactly every little choice viewers made along the way, too. Michael Veale, a researcher at University College of London's Department of Science, Technology, Engineering and Public Policy, tweeted this week that he requested his viewing data, legal under GDPR's right of access rules. Sure enough, every choice he made was in there. The discovery has prompted some to voice concern over whether users should know their choices are being tracked, and whether they should be able to opt out from having data like this tracked in the first place.
2. Cyber Command looks to expand by Lauren C. Williams
With the U.S. government’s continued focus on threats to cyberspace, the U.S. Cyber Command - a division of the United States' Department of Defense, recently elevated to a full and independent unified combatant command – is apparently looking to hire some more workers. FCW reported this week that during a Senate Armed Services Committee hearing on the 2020 budget, Gen. Paul Nakasone, U.S. Cyber Command’s head, said it would likely need to up its workforce. We've outlined on this blog before about how cybersecurity workers are in high demand. Here's hoping the DOD gets the employees it needs.
3. “Catastrophic” hack on email provider destroys almost two decades of data by Dan Goodin
One of the biggest (and most brutal) news stories of the week ICYMI came on Monday when the email provider VFEmail said a hacker had essentially wiped out everything on the service. "We have suffered catastrophic destruction at the hands of a hacker, last seen as [email protected] This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can," a notice on VFEmail’s site Monday read. It's unclear exactly who or what the motivation behind the attack may have been. The only thing that's clear is almost two decades of data is gone after hackers took down servers belonging to the service and reformatted hard drives containing "everything."
4. Cyber chief pushes audits as key to election security by Derek B. Johnson
Some more FedSec news for you this week, via a House Homeland Security Committee hearing: Christopher Krebs, head of the Cybersecurity and Infrastructure Security Agency trumpeted the importance of auditing voting machines, an action that isn't entirely mandated nationwide, on Wednesday. “Most election security experts endorse the two measures because they say that if a machine is hacked and vote totals are altered, the hacker would also be able to change the electronic image of the results that are used as a baseline for auditors to compare vote counts,” FCW’s Derek B. Johnson wrote Wednesday.
5. Doctors snooped into Humboldt Broncos patient records, privacy commissioner finds by Colette Derworiz
It's unfortunately a much too common occurrence in the healthcare industry: Employees snooping on patient records. A study carried out last year found that more than half (53%) of 1,138 healthcare data breaches were triggered internally. We also learned this week that the number of breached healthcare records in 2018 tripled. In Canada, Saskatchewan’s privacy commissioner said this week that doctors who didn't have "need-to-know" access still managed to snoop on patient records stemming from last year's Humboldt Broncos bus tragedy. Seven users, mostly doctors, accessed a system to view profiles belonging to 10 patients; the National Post reported this week. These profiles contained sensitive data, lab results, medication information, information on chronic diseases, and so on – all data that in theory could fall under Canada’s federal privacy law, PIPEDA, or the Personal Information Protection and Electronic Documents Act.