1. Sweden targets biometric data in first GDPR fining decision by Sam Clark

Slowly, one by one, countries have begun penalizing companies for violations of the General Data Protection Regulation. GDPR went into effect more than a year ago, in May 2018, but some nations have been slower than others when it comes to imposing fines. This week Sweden became the latest county after levying a €19,000 fine on a school system in Skellefteå, a small town about 479 miles north of Stockholm, after it put a facial recognition camera in a classroom. While the camera was designed to track student attendance, it collected personal data without providing a valid reason to do so. The school also failed to prepare a data protection impact assessment, something that’s required under GDPR if a project is likely to involve "high risk" data. Sweden's action follows in the footsteps of the Netherlands, which just a month ago issued its first GDPR fine, against a hospital that failed to secure its medical log files.

2. Six Ways CIOs Can Be Smart Community Leaders by Paul Brandenburg

Some helpful advice here on how CIOs can be smart community leaders via Paul Brandenburg in Government Technology. The column frames the tips as beneficial to smart communities, or collections of systems, devices, sensors, and data that are interconnected. Some of the tips? Focus on community, never omit security - especially when it comes to IoT and smart communities, and modernize your infrastructure, including processes and routine IT operations. If CIOs follow these rules, it can result in the establishment of a smart community initiative.

Read more

3. Ransomware Attacks Are Testing Resolve of Cities Across America by Manny Fernandez, David E. Sanger and Marina Trahan Martinez

In many ways these articles are a dime a dozen, popping up every couple of months whenever there’s a big ransomware attack; still, it doesn’t make them any less interesting to read. The New York Times has an interesting profile of the latest such attack – in reality a series of 22 attacks – to hit local city halls and public libraries in towns in Texas over the last several weeks. According to the mayor of one of the towns hit, the attackers are asking for $2.5 million to unlock the encrypted files. The Times gets quotes from Chris Krebs, the Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, experts with FireEye, and victims of other ransomware attacks, like one that hit Allentown, Pennsylvania last year. This particular attack was caused after what the Times calls "a once-trusted communications channel often used by law enforcement agencies" was compromised and used to deploy ransomware.

Read more

4. Google, Intel and Microsoft form data protection consortium by Jon Fingas

Some encouraging news via Microsoft, Google and Intel, which along with a handful of other firms, announced this week plans to form a data protection consortium.  The group, which also counts Alibaba, ARM, Baidu, Google Cloud, IBM, Red Hat, Swisscom and Tencent, among its members, is designed to define and accelerate open source technology that delivers private data access. The group, dubbed the CCC or Confidential Computing Consortium, will be hosted by the Linux Foundation.

Read more

5. Justice Department indicts 80 individuals in a massive business email scam bust by Zack Whittaker

Perhaps the biggest news of the week came Thursday morning in the shape of a massive 145-page indictment via the Justice Department alleging that 80 individuals, many Nigerian nationals, were involved in a business email scam and money laundering scam. The individuals in question carried out several hundred attacks according to the DOJ, in some instances hacking into email accounts in order to further trick victims into wiring money from their bank account. Commonly known as a BEC or business email compromise, this particular campaign net the attackers more than $40 million. The numbers around BEC scams never fail to raise eyebrows; according to this year’s FBI Internet Crime Report, BEC complaints to the agency in 2018 totaled losses of over $1.2 billion. Those numbers complement findings from the U.S. Treasury this summer which said BEC scams cost companies more than $300 million a month.