
Data Protection and Fingerprints

Under the EU General Data Protection Regulation (GDPR), biometric data is considered special category data, which requires more stringent conditions for processing.  Fingerprints are an example of biometric data, and employers need to consider carefully how and where they use such data.

When processing any personal data, an organisation needs to have legal grounds for doing so.  And, in the case of special category data such as fingerprints, an additional Article 9 Condition must be applied.

A company in Holland, which used fingerprints inappropriately to monitor its employees’ attendance and time registration, was recently fined €750,000.

The company had obtained Consent from its employees, but under the GDPR Consent must be freely given, which means that the individuals must be allowed to refuse to give Consent.  Because there is a significant imbalance in power between an employer and an employee, it can be difficult for employers to demonstrate that employees have been given a genuine opportunity to refuse Consent.

In this case, some employees had felt obliged to give Consent, so the Dutch DPA found that the company did not have valid legal grounds to process the data for this purpose. 

Though there may be an appeal, this illustrates the seriousness of processing special category data in a way that is considered unnecessary or disproportionate.

If you have any questions about biometric data or data protection in general, please contact us via email team@datacompliant.co.uk or call 01787 277742.

Victoria Tuffill, 25th May, 2020

 

Cybercriminals are increasingly impersonating WHO and the UN

Research by British security software and hardware company Sophos found that coronavirus email scams tripled in the last week of March, and we can expect the volume to keep increasing. Over 3% of global spam is related to coronavirus, with many of these fraudulent emails impersonating the World Health Organisation or even the United Nations.

Chester Wisniewski, Principal Research Scientist at Sophos, said:

“Cybercriminals are wasting no time in shifting their dirty, tried-and-true attack campaigns towards advantageous lures that prey on mounting virus fears. Criminals often dip a toe in the water when there is a new or sensational topic in the news.”

He detailed a case in which his company tracked an email pretending to come from a WHO address, purportedly giving health advice in an attachment. But after inspection, the text matched a previous spam campaign from “a familiar criminal.”

While most of these spam operations are used to get information from people, there are even more aggressive cybercriminals out there.

Threatening extortion campaigns are also being pursued. In these, messages over social media or email threaten to give the victim or the victim’s family coronavirus unless they pay up. With the amount of information online, and the procedures used to construct holistic user profiles based on miscellaneous knowledge, attackers can make it seem like they know everything about a victim just by giving a few details. This makes the attacker seem like they have the capacity to execute their threats, and inevitably, people end up being exploited.

Other more sophisticated scammers use HMRC or departmental logos and graphics to get information from consumers, offering spurious sums of money under the guise of lockdown or furlough relief. In the United States, there has been evidence of insurance scams, such as fake COVID-19 health insurance offered at competitive rates.

Scammers and con-artists are sensitive to the news cycle, trends and the current political or economic climate. They will often seem persuasive because what they claim will seem salient, despite the content having most likely been tweaked from a previous scam based on a different news item or trending phenomenon.

Do not let criminals make you take rash decisions over fear of current market turmoil.

If you have any questions about data protection, please contact us via email team@datacompliant.co.uk or call 01787 277742.

Harry Smithson, 10th April 2020