|
Cyber Daily: Canada's Privacy Overhaul Takes Cue From Europe
|
|
|
|
|
|
Hello. Canada's proposed Consumer Privacy Protection Act is intended to update an existing law that has governed the country's private sector since 2001. The act calls for hefty fines for violators, though similarities with European privacy regulations mean companies that do business in Europe may be able to tweak existing compliance programs to meet the new rules, WSJ Pro's David Uberti reports.
Other news: Tesla Model X cars vulnerable to key-fob attack; Australian spy agencies inadvertently gather Covid-19 app data; United Nations warns about potential abuses of pandemic surveillance tech; and ZTE remains a national-security threat, the U.S. says.
Readers, please note: We are taking a break for Thanksgiving and will be back in your inbox on Monday, Nov. 30.
|
|
|
|
Join us virtually for the WSJ Pro Cybersecurity Executive Forum on Wednesday, Dec. 2. The Covid-19 crisis created a huge shift in business operations and the practice of cybersecurity. We will explore how companies have adapted and incorporated the latest thinking on staying secure. Check out the agenda and register here.
|
|
|
|
|
Navdeep Bains, Canada's Minister of Innovation, Science, and Industry, has introduced far-reaching privacy legislation that allows for hefty fines for violators. PHOTO: DAVID KAWAI/BLOOMBERG NEWS
|
|
|
Canada’s proposed privacy overhaul leans toward European-style rules. Companies that misuse Canadians’ personal data could face fines reaching tens of millions of dollars under an overhaul of the nation’s privacy law proposed last week. But privacy experts and industry groups say the blueprint could also come with a silver lining for international businesses.
The similarities between the Canadian government’s legislation and the European Union’s General Data Protection Regulation mean companies that already do business in Europe may be able to tweak existing compliance programs if and when the new legislation becomes law, they say.
Minister of Innovation, Science, and Industry Navdeep Bains’s proposal would generally require companies to obtain consent to collect user data and allow consumers to request their information be corrected, disposed of or transferred to a different firm.
Fines for violations, such as collecting or disclosing data for inappropriate purposes, could in some instances reach 25 million Canadian dollars ($19 million), or 5% of global revenues, whichever is higher. EU penalties, by comparison, similarly can reach the higher of two sums: €20 million ($24 million) or 4% of a company’s international revenue.
Read the full story.
|
|
|
|
|
75%
|
Percentage of consumers who aren't fully confident in online retailers' ability to keep transactions secure, according to a survey of 2,000 individuals in France, Germany, the U.K. and the U.S. by cybersecurity firm CyberArk Software Ltd.
|
|
|
|
|
|
A Tesla Model X on display at a trade show in Beijing on Sept. 5. PHOTO: WU HONG/SHUTTERSTOCK
|
|
|
Guard your Tesla Model X. Hackers can rewrite code that controls fobs for keyless entry to Tesla’s Model X vehicles, allowing them to steal the cars, ZDNet reports. A doctoral student in Belgium discovered the weakness in the company’s software update process, which is accessible through Bluetooth. The student said he reported the problem to Tesla in August. Tesla said it is issuing a fix this week to Model X owners. Here’s a video of how the hack is done.
Australian intelligence groups collected Covid-19 app data. Information about individuals using Covid-19 tracking apps in Australia was collected inadvertently as part of wider surveillance efforts by the country’s spy agencies, TechCrunch reports, citing a report from Australia’s Inspector General for Intelligence and Security. The agencies didn’t intend to collect the data, the watchdog found. “Incidental collection in the course of the lawful collection of other data has occurred,” the report said, adding that there is no evidence
that any of the agencies decrypted, accessed or used the Covid-19 data.
U.N. warning: Separately, the United Nations with several other global groups this week released a statement warning that surveillance methods deployed to help fight the pandemic could, if abused, violate “fundamental human rights and freedoms.” The groups specified several privacy principles, including that data collection should be limited in scope and time and that “time-bound retention and proper destruction” of information should occur.
|
|
China's ZTE remains a national-security threat, FTC says. The Federal Trade Commission rejected a petition from the telecom giant asking the U.S. agency to remove it from a list of such threats, Reuters reports.
|
|
|
|
|
|