Worldwide: Global Data & Privacy Update - 18 June 2015

French Court: right to be forgotten extends to international search results

France's privacy watchdog said last week that the "right to be forgotten" extends beyond EU versions of the Google search engine to cover sensitive or embarrassing results internationally. The Commission nationale de l'informatique et des libertés (CNIL) said the move was needed to ensure the effectiveness of last year's European Court ruling giving individuals the right to request the delisting of personal information. Google has two weeks to comply, or it could face sanctions or the prospect of being taken to court by the French regulator.

EU ministers take step towards "one-stop shop" data protection regulation

This week ministers from all 28 members states of the EU agreed a general approach to work towards a single set of reformed data protection rules for European businesses and citizens. Among the measures agreed in principle is "one-stop shop" supervision, under which complaints can be taken to one data protection commissioner in the home state of the business or citizen. The next stage in the progress of the Regulation will see negotiations between the Council of Europe and the European Parliament. It is estimated the Regulations could take effect in 2018.

Skype sued by Belgian court over failure to share data

Skype, the voice over internet protocol company, is being taken to court in Belgium for failing to hand over customer data in a criminal investigation, it emerged this week. The company argues it is not bound by Belgium's Telecommunications Law, because it does not meet the definition of a telecoms company. If the court disagrees, Skype could be fined and forced to hand over the requested records of calls.

Password manager app compromised by hackers

A popular program which remembers users' online passwords has been hacked, it emerged this week. LastPass admitted hackers had breached its systems by cracking some of the master-passwords used to secure access to customers' accounts. Log-in codes for other sites are encrypted and decrypted on the customers' devices, meaning LastPass itself does not hold the details, but the company fears that customers who used their master password on other sites could be at risk of further breaches. LassPass is urging their customers to change passwords that are weak.

True scale of OPM breach revealed

There were reports last week that up to 10 million former US government employees and contractors may have had deeply personal details stolen in the hack on the Office of Personnel Management (OPM). Previous reports put the scale of the breach at 4 million current employees. Anonymous government officials told the Guardian newspaper hackers had gained access to forms which recorded details of employees' mental health, drug abuse, past convictions and next of kin, potentially putting intelligence officers at risk of coercion.

Major League Baseball team investigated over breach of rival's database

A Major League Baseball team is being investigated by FBI and state prosecutors for allegedly hacking one of its competitors, according to reports this week in the New York Times. The St Louis Cardinals say they are cooperating with officials who are looking into the claims that high-ranking staff gained access to information on swaps and scouting reports belonging to the Houston Astros. Law enforcement agencies have neither confirmed nor denied reports of the hack, which would be the first case of corporate espionage involving sports teams.

Canadian Parliament under cyber attack

There were reports this week that a large-scale cyber attack targeting employees of Canada's lower house of parliament is under way. It is feared a large volume of personal data has already been stolen in the attack, which was discovered last week. Employees have been warned not to open suspicious-looking emails.