H&M fined $41M for tracking workers’ personal lives using company database

The Data Protection Authority of Hamburg has fined retailer H&M more than €35 million for allegedly tracking hundreds of employees’ personal lives on a company database.

Meticulous notes were kept on workers’ vacations, illnesses, religious beliefs and family problems starting in at least 2014. These were then used to evaluate work performance and make decisions on their employment.

The tracking only came to light when, in 2019, a data breach caused by a configuration error revealed how much data H&M was collecting about the private lives of its employees. 

School payments service Wisepay hit by cyber-attack

Parents who have in recent days made payments using this service have been warned their card details may have been stolen. Wisepay confirmed a hack on its website allowed hackers to harvest card details between 2nd and 5th October via a fake website. The hack affected payments to approximately 300 schools.

ICO fines company £40,000 for sending up to 9,000 spam emails

Studios MG Ltd sent the email at the height of the pandemic in an attempt to sell facemasks. The ICO’s investigation found that the company was not in the business of selling PPE but the director of the company had decided to buy masks to try and sell on at a profit.

Chastity Belt security flaw

Security firm Pen Test Partners found a security flaw in a male chastity belt made by a Chinese manufacturer. The flaw allows hackers to lock the device without any manual release. The Chinese firm was slow to react to the revelation but has since revealed users can open the device using a screwdriver.

Parliamentary enquiry concludes there is “clear evidence of collusion” between Huawei and the Chinese Communist Party

The House of Commons defence committee based its findings on the testimony of academics, cyber security experts and telecom industry insiders. The Chinese giant responded by stating “this lacks credibility as it is built on opinion rather than fact”.

Troubled former tech giant John McAfee arrested in Spain

The former anti-virus and bitcoin entrepreneur now faces extradition to the US where he has been charged with tax evasion. If convicted he could face up to 30 years in prison.

Statement on the outcome of the ICO’s compulsory audit of the Department for Education

The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education (DfE) carried out in February 2020.

The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws. A total of 139 recommendations for improvement were found, with over 60% classified as urgent or high priority.

The ICO’s primary responsibility is to ensure compliance with the law and its policy is to work alongside organisations committed to making the necessary changes to improve data protection practice.

Throughout the audit process the DfE engaged with the ICO and showed a willingness to learn from and address the issues identified. The Department accepted all the audit recommendations and is making the necessary changes.

The ICO continues to monitor the DfE, reviewing improvements against pre-agreed timescales. Enforcement action will follow if progress falls behind the schedule.

The ICO carried out the compulsory audit following complaints received in 2019 regarding the National Pupil Database.