Facebook sued over 'stolen' DC designs; PayPal to pay $10m for sanction violations; Optus reviewed after privacy breaches

Optus has committed to completing a series of independent reviews following three incidents where the security of personal information held by the telco was compromised.

The Australian Privacy Commissioner, Timothy Pilgrim, last week said he had accepted an enforceable undertaking from Optus regarding the incidents.

In the words of the Office of the Australian Information Commissioner (OAIC), an enforceable undertaking is “an agreement between the OAIC and an organisation or agency that creates a binding commitment to take steps to ensure privacy compliance”.

Such an undertaking can be enforced by the Privacy Commissioner in the Federal Court or Federal Circuit Court.

In the Optus case, the enforceable undertaking finalises an investigation that Pilgrim began in July 2014, following a voluntary data breach notification by Optus of the three incidents, a statement from the OAIC said.

“The security of personal information of a large number of individuals was compromised as a result of each of these incidents (over 100,000 in each incident),” the OAIC said.

Optus took steps to contain the incidents once it became aware of them and cooperated with the OAIC during the office’s investigation into the incidents, according to the OAIC.

Optus has committed to engaging an independent auditor to conduct a series of reviews into the telco’s processes and security measures, the OAIC said.

Facebook sued over “stolen” data centre designs

British data centre company BladeRoom Group (BRG) has sued Facebook for allegedly stealing the designs, transportation and construction techniques used to build data centres for the latter company.

In a complaint filed in the San Jose, California District Court, BRG and its IP licensor Bripco alleged that Facebook’s ‘rapid deployment data centre (RDDC)’ approach was developed by BRG, ITnews reported.

“What Facebook did not disclose, however, was that this methodology and the detailed know-how supporting its use had in fact been stolen by Facebook from BRG,” ITnews quoted the complaint as saying.

According to Computerworld, BRG said it contacted Facebook in 2011 about using BRG’s modular, prefab data centre construction technique.

But Facebook stole BRG’s ideas and used them to build part of a data centre in Sweden, BRG reportedly claimed.

BRG is also claiming that Facebook encouraged others to use BRG intellectual property through the Open Compute Project, CW reported.

BRG is reportedly suing Facebook for, among other things, theft of trade secrets and breach of contract.

BRG is seeking injunctive relief from Facebook, including restitution sufficient to “disgorge Facebook of all profits, cost savings and reputational enhancement it realised and losses averted”, according to ITnews.

PayPal to pay $10 million for violating US sanctions

PayPal has agreed to pay almost US$7.7 million (about $9.9 million) to settle “potential civil liability” for processing payments “in apparent violation” of several US sanctions programs, including ones relating to weapons of mass destruction, terrorism, Iran, Cuba and Sudan.

That’s according to a US Treasury notice dated last week and available online.

The US$7.7 million settlement relates to 486 transactions totalling approximately US$43,934 (about $57,000).

“For several years up to and including 2013, PayPal failed to employ adequate screening technology and procedures to identify the potential involvement of U.S. sanctions targets in transactions that PayPal processed,” the US Treasury notice said.

“As a result of this failure, PayPal did not screen in-process transactions in order to reject or block prohibited transactions pursuant to applicable U.S. economic sanctions program requirements,” it went on.

The Treasury said that PayPal voluntarily self-disclosed the apparent violations involved in the case and noted that PayPal “substantially” cooperated with the Treasury’s Office of Foreign Assets Control (OFAC) investigation.

Computerworld quoted PayPal’s chief compliance officer, Gene Truono, as saying: “We recognise that prior to April 2013, PayPal did not have a system that could scan payments in real time in order to block prohibited payments.

“There was a delay in the scanning, which allowed some prohibited payments to be processed. In many cases, those payments were detected and reversed,” Truono was quoted as saying.

The WSJ reported that under the settlement, PayPal didn’t admit or deny the alleged violations.