The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️
The first look at the Cyber Resilience Act
The European Commission has recently published its proposal on the CRA or the Cyber Resilience Act.
Its aim is to prove more secure hardware and software products across its member states.
It exists due to the increased number of cyber-attacks along with the increased impact of these.
But what does it mean exactly?
Well a product is defined as:
any software or hardware product and its remote data processing solutions, including software or hardware components to be placed on the market separately
It has two main objectives:
1. Creating conditions for the development of secure products by reducing vulnerabilities for the whole of a product's life cycle; and
2. Providing cybersecurity information to individuals when selecting and using products with digital elements.
It’s definitely worth a read if your company produces (or is looking to produce) a product that fits this description.
Is real estate the next data breach time bomb?
After the Optus data breach, more consumers are aware of what can happen when companies don’t take data privacy seriously.
Of course, telcos are a huge target for data breaches, but could real estate be next in line for a similar attack?
This article seems to think so. Real-estate companies ask for a lot of information from renters and prospective buyers. Sometimes this is extensive, with years worth of sensitive data used to verify identity and affordability.
For these reasons, a data breach could be devastating. As the piece states:
Many small real estate agents aren’t covered by the Privacy Act, and those that appear to be seriously massaging the law around data collection and handling that is “reasonably necessary”.
Each state also has its own tenancy law, which may place some limitations on what agents are allowed to collect. For example, in Victoria, real estate agents are not allowed to require any information that relates to a protected attribute without telling you why in writing. This includes age, gender, race, disability, sexual orientation, profession, religious belief and marital or parental status. They’re also not allowed to ask for bank statements that contain daily transactions.
This isn’t just an Australian issue. In the UK the rental market has been heating up for a while. Renters have little choice in such a competitive market to withhold their details from companies.
It seems that the Optus breach will have a wide-reaching impact on data privacy in Australia. DPOs focused on this region would be well advised to read up on prospective changes and discussions in the aftermath of the breach.
Other data privacy news
Shein owner Zoetop fined $1.9m over data breach response
Former Uber security chief found guilty of concealing data breach
Data ethics: What it means and what it takes
UK Home Secretary Resigns after sharing an email from a personal account
Post of the week
