Home Editor's News Could eBay face California privacy wrath?

Could eBay face California privacy wrath?

May 22, 2014 | Posted by Dan Raywood

The next challenge for eBay could be the California Online Privacy Protection Act (OPPA).

 

The San Jose headquarted company could face the wrath of the California privacy enforcer over the massive hacking and potential data breach, which has seen 145 million user records potentially breached.

 

The 2003 California act, approved under the governance of Arnold Schwarznegger, details of the duty of Attorney General require that they “work with companies on privacy trends and offers best practice guidance” and that businesses advise “the Attorney General on privacy matters”.

 

Asked if eBay will face sanctions on its time to report, barrister and solicitor Stewart Room, told IT Security Guru that unlike the proposed European Data Protection Directive, for California there isn’t a set time period for the giving of notifications.

 

Room said: “The rule in California is that notice must be given in the most expedient time possible and without unreasonable delay, though there is a five-day rule for medical or health info. Judging from what I’ve read; eBay only discovered the hacks a fortnight ago, so, I think it’s hard to say that Californian law has been breached on this occasion.”

 

Jonathan Armstrong, partner at compliance group Cordery, told IT Security Guru that there will be some time restraints in other countries and some US states and they tend to dictate what happens in a global breach like this. He said: “Companies should not be too UK-centric when it’s a global breach.”

 

Asked what he thought about the time to detect the breach, Armstrong said: “I think we are seeing an increasing focus on the time taken to respond to a breach. Whether that becomes a big problem will depend on a number of factors including what (if anything) eBay were asked to do by law enforcement.

 

“As a general rule people need to be told quickly where there is a risk of harm. However sometimes there’s a need to delay – either to plug a gap before its public or to try and catch bad guys. Most US legislation allows extra time to report when law enforcement are still at the crime scene.

 

“Unfortunately, the draft EU proposals do not have a similar extension which may have the effect of increasing the harm victims suffer and lead to less chance of the bad guys getting caught. It is likely that people will be asking eBay exactly what went on – if they delayed we’re likely to see action from credit card companies and banks, US regulators, aggrieved customers and possibly regulators in Europe too.”

 

Toyin Adelakun, vice president of products for Sestus, said: “Generally, institutional, regulatory and legal responses to identity theft are immature and still under development, so personal responsibility needs to be the fore, for now.”

Recent

Google defends decision not to patch the Jelly Bean WebView vulnerability

According to Google’s head of Android security, Adrian Ludwig, support for the WebView extension used in Android versions 4.3 Jelly Bean is too time consuming and costly. Ludwig explained in a Google+ blog post that “WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every (…read more)

January 26, 2015

Lizard Squad hijacks Malaysia Airline DNS

Hackers purporting to be from the “Lizard Squad – Official Cyber Caliphate” group have attacked the official website of Malaysia Airlines, leaving visitors to see a message that read: “ISIS WILL PREVAIL”. The airline’s ticket-booking and other services were also unavailable. Instead, a large picture of a Malaysia Airlines A380 plane and the words “404-Plane (…read more)

January 26, 2015

ICO says Scouts investigation is unlikely

The Information Commissioner’s Office has said that it has no plans to investigate the issue regarding a reportedly unsecure database of personal details of members of the Scouts.   According to The Register, the Scout Association’s database holds the contact details of 450,000 young people and volunteer adults, and a Scout leader contacted The Register to (…read more)

January 23, 2015