Aug 172017
 August 17, 2017  Non-U.S. No Responses »

Natalia Gulyaeva, Maria Sedykh, and Bret Cohen write:

On 31 July, the Russian data protection authority, Roskomnadzor, issued guidance for data operators on the drafting of privacy policies to comply with Russian data protection law. Russia’s 2006 privacy law – Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” (Personal Data Law) – requires, among other things, that Russian data operators must adopt a privacy policy that describes how they process personal data. This notice requirement is similar to the approach in Europe. Furthermore, data operators shall publish such a policy online when personal data is collected online or otherwise provide unrestricted access to the policy when personal data is collected offline. The guidance – although non-binding and recommendatory in nature – emphasizes the regulator’s compliance expectations and should therefore be taken into account by organizations acting as data operators in Russia.

Read more on Chronicle of Data Protection.

Aug 172017
 August 17, 2017  Business, Govt No Responses »

Cecilia Kang reports:

Uber has agreed to two decades of privacy and security audits to settle federal accusations that it did not keep promises to protect customer data.

The Federal Trade Commission announced the settlement with Uber, a ride-sharing company, on Tuesday, ending an investigation that began in 2014 when the company promised to strengthen its privacy and security. The promises were made after a public outcry over reports that Uber employees were peering into the travel logs of customers.

Read more on NY Times.

Aug 172017
 August 17, 2017  Announcements No Responses »

Have been traveling this week and next week, so updates to this site and Databreaches.net will be slim to non-existent, but I will get the sites caught up when I can.

I will not be available via Jabber until after Aug. 26th and email will be spotty, too.

This concept of “vacation” seems so alien by now….


Aug 112017
 August 11, 2017  Breaches, Business, Non-U.S. No Responses »

Salam Al Amir reports:

The developer of an online game called Mariam, which Sharjah and Dubai Police warned against using, denied accusations that his game uses information provided by players as a privacy breach.

On his Twitter account, Salman Al Harbi, a Saudi Arabian national, said that Mariam was just a game. “I developed the game along with a number of Saudi men last July and it is just for fun,” he tweeted. “It does not save answers nor information provided by players.”

The game, which sparked debates in several Gulf countries, is about a little girl who gets lost in a deserted area and asks players to help guide her back home.

Read more on The National (UAE).