GAO on executive-branch privacy. Phished Dropbox. NLRB on workplace surveillance. TikTok's data collection.

In one look.

  • GAO calls for dedicated privacy leadership within the executive branch.
  • The Dropbox data breach stems from a phishing scam.
  • The NLRB’s top lawyer focuses on reducing employee surveillance.
  • TikTok policy update confirms Chinese employees’ access to user data.

GAO calls for dedicated privacy leadership within the executive branch.

A recent report from the US Government Accountability Office (GAO) indicates that executive branch departments and agencies need dedicated leadership to focus on privacy issues, reports CSO Online. Among the approximately sixty individual recommendations outlined in the document, GAO is asking Congress to consider legislation that would require these executive branch organizations to appoint a senior official who would be responsible for privacy. Many of the twenty-four entities reviewed already have privacy staff in place, but often they lack computer training, and privacy is often just one of an individual’s many job duties, which makes it difficult for them to give it the attention it deserves. In a podcast released after the report, GAO’s Director of Information Technology and Cybersecurity, Jennifer Franks, said, “Now is the time to ensure that privacy receives sufficient attention at the highest levels of the management of all our branches; and that all of our agencies take privacy fully into account at every stage so that when new technologies are deployed and we collect personal information, we consider all appropriate safeguards.”

The Dropbox data breach stems from a phishing scam.

File hosting service Dropbox has revealed that it suffered a data breach in which an intruder gained access to data contained in its internal GitHub code repositories after a company developer fell for a phishing scam. Impersonating a representative of CircleCI, a popular CI/CD platform used internally at Dropbox, the scammer lured the employee to a fraudulent CircleCI login page where the user entered their GitHub credentials, explains the GitGuardian blog. Armed with this information, the bad actor infiltrated the developer’s GitHub account and, in turn, about one hundred and thirty repositories of internal code. Although Dropbox claims that these repositories contained internal tools and were not connected to its core applications, the company confirmed that certain sensitive data, including API keys and other credentials, as well as “a few thousand names and email addresses belonging to Dropbox employees”, were exposed. The full extent of the breach was not disclosed, but Dropbox said in a statement, “We believe the risk to customers is minimal. Because we take our commitment to security, privacy and transparency seriously, we have notified those affected and are sharing more here… We also reviewed our logs and found no evidence of successful abuse.” Still, experts say the attacker’s knowledge that Dropbox was using CircleCI demonstrates a high level of sophistication, and users should be on the lookout for suspicious activity in their accounts.

The NLRB’s top lawyer focuses on reducing employee surveillance.

On Monday, General Counsel Jennifer Abruzzo of the US National Labor Relations Board (NLRB) issued a memo calling on the organization to crack down on electronic surveillance and automated management practices that violate workers’ rights. Spurred by concerns that employers could use such technology to interfere with labor organizing or other federally protected activities, Abruzzo wrote, “One issue that particularly concerns me is the potential for pervasive surveillance and other algorithmic management tools to interfere with the exercise of Section 7 rights by significantly impairing or nullifying the ability of employees to engage in protected activity and to keep that activity confidential from their employer, if they wish.” As Vice notes, the NLRB has previously stated that workplaces are not permitted to target workers engaged in actions protected by federal labor law with surveillance technology. However, problems persist even at top companies like Amazon, where warehouse workers say surveillance technology has suppressed their desire to unionize and drivers say in-vehicle tracking devices push them to work at a dangerous pace. (Amazon says the technology is necessary to maximize employee safety.) Abruzzo is pushing for a framework that would require employers to disclose details about this technology to the NLRB, allowing the board to ensure employee rights are not abused.

TikTok policy update confirms Chinese employees’ access to user data.

Amid political and regulatory concerns over Chinese access to user information on TikTok, as well as an ongoing investigation by the Irish Data Protection Commission (DPC), the popular video streaming app has confirmed that European user data can be viewed by employees outside the continent, including in China, reports the Guardian. In an update to its privacy policy to be published in the UK, the European Economic Area and Switzerland in December, TikTok says staff in China as well as Brazil, Canada, the United States and Singapore are authorized to access user data to ensure users’ experience of the platform is “consistent, enjoyable and safe”. TikTok, which is owned by Chinese company ByteDance, added that its security controls consist of system access restrictions, encryption and network security, and noted that it does not collect precise location information from European users, reports HackerNews. The DPC told TechCrunch that its investigation into TikTok data transfers will move to the next stage in the coming months and that a draft decision is expected to be sent to other EU DPAs for consideration in the first quarter of 2023. Whether TikTok’s privacy policy update is related to the probe is unclear, but experts say the move could be an effort by the company to pre-empt regulatory enforcement on its data transfers by demonstrating that it has already made an effort to increase its transparency with European users.
