Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Privacy Concerns. Show all posts

Open AI Moves to Minimize Regulatory Risk on Data Privacy in EU

 

While the majority of the world was celebrating the arrival of 2024, it was back to work for ChatGPT's parent company, OpenAI. 

After being investigated for violating people's privacy, the firm is believed to be rushing against the clock to do everything in its capacity to limit the regulatory risk in the EU. This is the primary reason why the company has returned to work on amending its terms and conditions. 

With a line of investigations in place to combat data protection issues concerning how chatbots process user data and how they produce data in general, including those coming from top watchdogs in the region, ChatGPT's powerful AI offering was accused of negatively impacting users' privacy. 

Things even got bad enough for Italy to temporarily halt the AI tool after determining that the company needed to modify some data and the degree of control granted to users generally. 

Now, OpenAI is sending out emails detailing how it has modified its ChatGPT service in the regions where the most concerns have arisen. They have made clear which entity, as stated in their privacy policy, is in charge of processing and regulating personal data.

The latest terms established the firm's Dublin subsidiary as the primary regulator for user data across the EEA region, including Switzerland. 

The company claimed that this would be effective as early as next month. If there is any disagreement on the matter, users are advised to delete their OpenAI accounts immediately. More discussion was conducted about how the GDPR's OSS would be implemented for firms processing EU data in order to better coordinate privacy oversights through a single supervisory body operating in the EU. 

The likelihood that privacy watchdogs operating in other parts of the world will take action on these issues is made less likely by such a status. They would have to go the path previously. The supervisor of the main firm can now receive complaints from them and address any issues. 

If an immediate risk arises, GDPR regulators would maintain the authority to intervene through local means. This year, we saw the company establish an office in Ireland's capital and hire numerous professionals for senior legal and privacy positions. However, the majority of the company's open roles are still in the United States. 

However, due to Brexit, the company's users in the United Kingdom are excluded from the entire legal basis on which OpenAI's transfer to Ireland operates. Since its inception, the EU's GDPR has failed to function and apply to those in the United Kingdom. 

A lot is going on here, and it will be interesting to see how the change in OpenAI's terms affects the regulatory risk at its peak in the EU.

Here's Why You Need To Protect Private Data Like It’s Currency

 

Data is the currency of the information age. We'd all be a lot better off if we treated data as though it were money because we'd be considerably more cautious about who we let access to it and with whom we share it. Brick-and-mortar banks physically safeguard our money with security measures like alarm systems, bank guards, and steel-walled vaults, so we feel comfortable entrusting them with our hard-earned money. 

But far too frequently, we trust third parties to hold our personal information without the data equivalent of alarms, guards, and vaults. The businesses that we trust with our private data appear to be concealing it under their digital mattresses and hoping that no one breaks in while they are away. 

No data currency is more private or valuable to us than our healthcare information, making it the most significant privacy risk in the United States today. The government incentivizes and penalises healthcare providers who do not use electronic medical records. The authorised electronic sharing of patient information between doctors enables for faster and more accurate patient treatment, ultimately saving lives and money. 

However, if the data cannot be safeguarded, the apparent benefits do not exceed the risks involved.Policymakers felt they could regulate privacy, forcing the American healthcare system to digitise private information before it could secure security. 

As a result, simply the possibility of a breach can deter people from getting the necessary medical attention. One in every eight patients, for example, compromises their health in order to safeguard their personal privacy by postponing early diagnosis and treatment and concealing other crucial information. The fear of losing control of their privacy prevents millions of people from seeking medical assistance, particularly those suffering from stigmatising diseases such as cancer, HIV/AIDS, other sexually transmitted diseases, and depression. 

Electronic medical records are supposed to benefit our health, but they are instead contributing to a loss of trust in the medical profession and ultimately a more unhealthy society. 

 Mitigation tips

To address these dangers, numerous approaches for protecting data from unauthorised access and manipulation have been developed. In this article, we will go through the top three data security methods. 

Encryption: It is a critical component of personal data security. It entails turning sensitive information into a coded format, rendering it unintelligible to anyone who lacks the necessary decryption key. Only the authorised user with the decryption key can decode and access the information. 

This technology is commonly used to encrypt sensitive data during internet transmission as well as data saved on devices such as laptops and mobile phones. Furthermore, encryption technologies like AES and RSA are employed to scramble the data, making it nearly hard for unauthorised people to access it. 

Backup and recovery: Data backup is an important part of data security since it ensures that data is saved in the case of data loss or corruption. Companies can quickly recover their data in case of a disaster by making copies of their data and storing them in a secure location. 

Many businesses choose cloud-based storage services like TitanFile because they provide a safe and dependable way to store and restore data. Experts also recommend adopting the 3-2-1 strategy for data backup. The 3-2-1 data backup method involves making three copies of data and storing them on two local devices (the original device and an external hard drive) and one off-site (cloud-based). 

Access control: It is a means of limiting authorised users' access to sensitive information. Passwords, multi-factor authentication, and role-based access control can help with this. These approaches ensure that sensitive data is only accessed by those who have the right authorisation, lowering the risk of data breaches and unauthorised access.

Tesla Data Breach: 75,000 Users Affected Due to Insider Wrongdoing

 


There has been an investigation into a data breach that affected the car manufacturer Tesla earlier this year, which has ended up being the result of "insider wrongdoing", a data breach notification filed by Tesla has revealed.  

A notice filed with Maine’s Attorney General’s Office on Friday shed more light on Tesla’s May data breach, revealing that there was a massive theft of employee records and the company blamed “insider wrongdoing.” 

The affected individuals were notified by Tesla in a letter dated August 18 that laid out details about the problem. There was a letter from the company saying that the information that was leaked included the names and contact information of both current and former employees. Even though social security numbers were revealed, the letter did not mention them. 

In a large data breach that affected employees of more than 75,000 companies, Tesla has claimed that insider wrongdoing was responsible for the breach. It was confirmed by President Elon Musk, the owner of the electric car maker Tesla, that in a data breach notice that was filed with Maine's attorney general, two former employees had leaked more than 75,000 individuals' personal information to a foreign media outlet after a thorough investigation had been conducted. 

There were over 23,000 files within the data archive, and the data contained sensitive data that belonged not only to current but also to former employees of Telsa. There was data about employees' phone numbers, personal email addresses, and salaries, as well as bank information for their customers and confidential information about Tesla's production. As well as social security numbers, it also included some of Elon Musk, Tesla's CEO, who used social security numbers to operate the company.  

A further 2,400 complaints were also leaked from Tesla customers about their vehicles, which is part of the data revealed. On August 18, Tesla of America filed a data breach notice with the Maine Attorney General's office announcing a 75,735 employee data breach, which had been caused by a breach of security caused by “insider wrongdoing .” 

In its announcement, Tesla said that its investigation into the breach had revealed that two former Tesla employees tried to misappropriate the information by violating IT security policies and protecting the data as required by Tesla to gain entry to the report. Handelsplatt was allegedly the recipient of the data that had been shared by the former employees. 

Investigations and Lawsuits Following a Leak 


According to Tesla, two former employees are being sued for releasing the data and a court order has been issued that prevents them from using, accessing, or disseminating the data in the future. In its notice, Tesla said that it cooperated with law enforcement and external forensics experts to handle the investigation and would continue to take appropriate steps as needed in the future. 

A top German news organization, Handelsblatt, has confirmed that it received more than 100 GB of data from former Tesla employees over the last few weeks. This information was used as a basis for slamming Tesla for failing to adequately protect the personal information collected from customers, employees, and business partners, according to the news site. As reported by Handelsblatt newspaper, Musk's social security number was also included in the leak, which was made public by Bloomberg. 

A Tesla spokesperson confirmed that the data was shared with German newspaper Handelsblatt by two former employees. It says that it is "legally prohibited from inappropriately using the information" and says that it will not publish the information. 

There was a report in Handelsblatt in May that Tesla was affected by a "massive" data breach that revealed all sorts of information about Tesla employees, as well as complaints made by customers about their vehicles. 

There were approximately 23,000 files, including 100 gigabytes of confidential data, obtained by the publication dubbed the Tesla Files, which contained more than 23,000 internal Tesla documents. Among the personal information stolen were the details of Tesla employees, payment information from customers, production secrets, as well as complaints from customers about the features of Tesla's Full Self-Driving (FSD) car. 

Tesla's Data Privacy Concerns Continue to Mount 


In addition to the May incident, Tesla has had several privacy issues in the past. A letter sent in April by senators Edward J. Markey and Richard Blumenthal raised questions about Musk's handling of reports that employees had been sharing sensitive images captured by cameras in customers' vehicles between 2019 and 2022 and how the company handled them. Due to the content of the report, Tesla is now the subject of a class action lawsuit. 

Tesla workers were reported by Reuters in April to have shared sensitive images recorded by customer cars, but the details of this incident were kept under wraps. The reports stated that between 2019 and 2022, employees of the company shared images and videos that were captured by the cameras in their cars.