Cyber SecurityWhat Is Tax-Related Identity Theft?

Fraudulent tax refunds issued as a result of identity theft occur when an individual steals a victim’s personally identifiable information (PII), such as a Social Security number (SSN), and files a tax return claiming to be the victim. More than 89,000 Americans filed complaints with the Federal Trade Commission (FTC) reporting tax fraud linked to identity theft in 2020. Similarly, businesses may also fall victim to tax fraud, where an individual steals a business’s employer identification number (EIN) to file fraudulent returns. In both scenarios, the victims usually discover they have fallen victim to such fraud when their tax returns are rejected, or when the business receives notice about Forms W-2 they didn’t file with the Social Security Administration or notices for balances due to the Internal Revenue Service (IRS) that are not owed. Most frequently, neither businesses nor individuals will have any reliable information as to how their information has been exposed. The IRS has noted such tax fraud tends to increase during tax season and time of crisis, and cybercriminals have undeniably taken advantage of the COVID-19 pandemic to unleash an unprecedented number of tax fraud schemes to steal information from taxpayers.
Continue Reading Best Practices to Avoid Tax-Related Identity Theft

In news that is likely to concern individuals and privacy activists alike, it has been reported that the NHS booking system for COVID-19 vaccinations has led to complaints that it could be used to reveal the vaccination status of individuals through the use of simple personal information.

The website allows users to book appointments for COVID-19 vaccinations, either by means of their NHS number, or by entering certain basic personal data, (including names, dates of birth and postcodes).  The website then provides a variety of responses based on the user’s vaccination status, with different responses being provided based on whether the individual has received no vaccinations, one vaccination, or both.
Continue Reading COVID-19 Vaccination Booking Site May Reveal Vaccination Status

The debate surrounding vaccine passports to assist with the easing of lockdown restrictions and controlling the spread of COVID-19 continues to raise a number of concerns in the UK.

Although the use of such passports is apparently under consideration, such proposals raise a number of different ethical, scientific and legal issues. A recent Royal Society report sounded a note of caution, suggesting that 12 tests should be met by any such proposal. Among other things, vaccine passports would need to meet various ethical and legal standards, including in respect of data protection.
Continue Reading Possible Use of COVID Vaccine Passports Raises Data Protection Concerns

Cyber SecurityAs we stand at the beginning of 2021 and a new presidential administration, we look back on the year behind us. Hindsight is always 2020, and 2020 may be best viewed in hindsight.  We saw rapid changes in the privacy space, prompted in part by the global COVID-19 response. Infrastructure and services across multiple sectors continue to rely on data and digital platforms to function. Five prominent developments shaped the data privacy environment in 2020.
Continue Reading Privacy Year in Review: 2020’s Hottest Topics

CAOn August 13, two California contact tracing bills, AB-660 and AB-1782, were approved by the California Senate Judiciary Committee.  These bills would affect how public agencies can collect, store and disclose personal information that is used to facilitate COVID-19 contact tracing.

  • If enacted, AB-660 would prohibit any use or disclosure of data collected for purposes of contact tracing other than further contact tracing efforts.
  • If enacted, AB-1782 would require businesses using or providing contact tracing technologies to provide individuals with the right to consent, access, correct, and delete personal information about them, and to carry out other measures regarding use, security. and maintenance of the data.

Continue Reading California Contact Tracing Bills Approved by State Judiciary Committee

Digital LockThe SEC’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert related to Ransomware on July 10, 2020. In the publication, Cybersecurity: Ransomware Alert, OCIE alerts companies to the increase in sophisticated campaigns orchestrated to invade financial institution networks in order to obtain confidential information and plant ransomware. The attacks generally involve perpetrators using “phishing and other campaigns designed to penetrate financial institution networks … to access internal resources and deploy ransomware.” Once the ransomware is deployed, institutions typically lose control of the ability to use and maintain the integrity of their systems and data until they pay a ransom to the attackers.
Continue Reading OCIE’s Guidance on Ransomware Attacks

Article29Latin American privacy laws may pose special challenges for businesses considering when and how to reopen their facilities during the coronavirus pandemic.  As elsewhere, many companies operating in Latin America may decide to screen employees for their COVID-19 risk-levels before allowing them to enter a shared workspace.  Already in place in many European and Asian countries, screening options primarily involve contact tracing or temperature checks. As they focus on health and safety, however, companies should also bear in mind a potentially competing interest: protecting employees’ privacy.
Continue Reading Returning to the Office – Data Privacy Concerns for Companies in Latin America

UPDATE July 17, 2020: Representatives of the U.S., British and Canadian governments reported yesterday that Russian hackers affiliated with known hacking group APT29 (or “Cozy Bear”) are targeting attacks on health care organizations researching COVID-19 vaccines. Cozy Bear, previously involved in the 2016 hacking of the Democratic National Committee, has reportedly been using spear-phishing and malware in an effort to steal the research. This announcement comes on the heels of a spate of attacks against research universities and health care organizations in recent months, described below.”

While the pandemic has brought economic downturn to many industries, a recent uptick in data security breaches suggests business is booming for cybercriminals. Universities and health care institutions dealing with the coronavirus have been particularly targeted by hackers attempting to exploit the current climate of confusion, urgency, and stress. In this post, we discuss the attacks and provide steps organizations can take to prevent and respond to breaches.
Continue Reading Universities and Hospitals Facing Increased Cyber Attacks

Cyber SecurityIn addition to the adoption by the European Data Protection Board (“EDPB”) of Guidelines on the use of location data and contact tracing tools in the context of the COVID-19 outbreak, various other European guidance regarding the use of data and technology in connection with COVID-19 has also been published.
Continue Reading COVID-19 Contact Tracing Apps Essential Requirements and Best Practices

On April 21, the European Data Protection Board (“EDPB”) released guidelines on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak (“Guidelines”).

The Guidelines note that the GDPR includes various provisions which permit health data to be collected and processed for scientific research purposes connected with COVID-19 and also envisages specific derogations to the prohibition on processing certain special categories of personal data, such as health data, where necessary for scientific research purposes.
Continue Reading European Guidelines Adopted on Health Data Processed in the Context of the Covid-19 Outbreak