GAO on executive branch privacy. Dropbox phished. NLRB on workplace surveillance. TikTok's data collection.
At a glance.
- GAO calls for dedicated privacy leadership within the executive branch.
- The Dropbox data breach stems from a phishing scam.
- The NLRB’s top lawyer focuses on reducing employee surveillance.
- TikTok policy update confirms Chinese employees’ access to user data.
GAO calls for dedicated privacy leadership within the executive branch.
A recent report from the US Government Accountability Office (GAO) indicates that executive branch departments and agencies need dedicated leadership to focus on privacy issues, CSO Online reports. Among the approximately sixty individual recommendations outlined in the document, GAO is asking Congress to consider legislation that would require these executive branch organizations to appoint a senior official responsible for privacy. Many of the twenty-four entities reviewed already have privacy staff in place, but those staff often lack technical training, and privacy is often just one of many job duties for the individual, which makes it difficult for them to give it the attention it deserves. In a podcast released after the report, GAO’s Director of Information Technology and Cybersecurity, Jennifer Franks, said, “Now is the time to ensure that privacy receives sufficient attention at the highest levels of the management of all our branches; and that all of our agencies take privacy fully into account at every stage so that when new technologies are deployed and we collect personal information, we consider all appropriate safeguards.”
The Dropbox data breach stems from a phishing scam.
File hosting service Dropbox has revealed that it suffered a data breach in which an intruder gained access to data contained in its internal GitHub code repositories after a company developer was phished. Impersonating a representative of CircleCI, a popular CI/CD platform used internally at Dropbox, the scammer lured the employee to a fraudulent CircleCI login page where the user entered their GitHub credentials, the GitGuardian blog explains. Armed with this information, the bad actor infiltrated the developer’s GitHub account and, in turn, about one hundred and thirty repositories of internal code. Although Dropbox says these repositories contained internal tools and were not connected to its core applications, the company confirmed that certain sensitive data, including API keys and other credentials, as well as “a few thousand names and email addresses belonging to Dropbox employees,” were exposed. The full extent of the breach was not disclosed, but Dropbox said in a statement, “We believe the risk to customers is minimal. Because we take our commitment to security, privacy and transparency seriously, we have notified those affected and are sharing more here… We also reviewed our logs and found no evidence of successful abuse.” Still, experts say the attacker’s knowledge that Dropbox was using CircleCI demonstrates a high level of sophistication, and users should be on the lookout for suspicious activity in their accounts.
The NLRB’s top lawyer focuses on reducing employee surveillance.
On Monday, General Counsel Jennifer Abruzzo of the US National Labor Relations Board (NLRB) issued a memo calling on the agency to crack down on electronic surveillance and automated management practices that violate workers’ rights. Spurred by concerns that employers could use such technology to interfere with labor organizing or other federally protected activities, Abruzzo wrote, “One issue that particularly concerns me is the potential for pervasive surveillance and other algorithmic management tools to interfere with the exercise of Section 7 rights by significantly impairing or nullifying the ability of employees to engage in protected activity and to keep that activity confidential from their employer, if they wish.” As Vice notes, the NLRB has previously said that workplaces are not allowed to target workers engaged in activity protected by the National Labor Relations Act with surveillance technology. However, problems persist even at top companies like Amazon, where warehouse workers say surveillance technology has suppressed their desire to unionize and drivers say in-vehicle tracking devices push them to work at dangerous paces. (Amazon says the technology is necessary to maximize employee safety.) Abruzzo is pushing for a framework that would require employers to disclose details about this technology to the NLRB, allowing the board to ensure that employee rights are not abused.
TikTok policy update confirms Chinese employees’ access to user data.