Browsing Category
Uncategorized
49 posts
“Brazil’s ANPD Initiates Public Consultation: Anonymization, Pseudonymization, and Data Subject Rights in Focus for Data Privacy”
As a data privacy consultant, it’s encouraging to see the Brazilian Data Protection Authority (ANPD) taking proactive steps…
Breaking News for the iGaming Community: Strive Gaming Attains Certification and Provisional Gaming Supplier License in Michigan
Strive Gaming has secured both certification and a provisional gaming supplier license in Michigan, marking a significant milestone…
Turkey’s Entire Population Has Data Leaked
It was discovered that roughly 85 million people’s data (the entire population of Turkey) had their information added…
Florida Privacy Bill maintains PRA
iapp.org/news/a/florida-privacy-bill-maintains-pra-ahead-of-house-floor-vote/
Ransomware Industrial Services
www.zdnet.com/article/ransomware-industrial-services-are-still-the-most-popular-target-but-now-cyber-criminals-are-diversifying-attacks/?ftag=COS-05-10aaa0g&taid=6177c71f35a2610001afc9a9&utm_campai…
Live From The Field
www.zdnet.com/article/personal-data-protection-to-become-a-fundamental-right-in-brazil/?ftag=COS-05-10aaa0g&taid=617591120fbc4500016c6a3f&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=true…
Cardholder Data: Pennsylvania Court Approves Breach Settlement
After hackers used credit card-stealing malware on a chain of convenience store/gas stations over a 9 month period,…
Due Diligence: Financial Regulators Seek Feedback on Managing Third Party Relationships
Proposed guidance requires financial companies to conduct in-depth due diligence, periodically update risk assessments throughout the third party relationship,…
Children and Minors: Tech Companies Urged to Expand Protections for US Users
Following the release of the UK ICO’s AADC for safeguarding children’s personal data, several members of Congress issued…
Marketing Communications: FTC Fines Septic Tank Companies $1.6 Million
Company representatives called at least 31 million people on the do not call registry to promote septic tank…
Mexico – INAI Mexico Recommendation on Breach Response
Cyber attacks orchestrated by organized crime continue to be a problem and organizations must work to ensure the…
New York City’s Tenant Data Privacy Act
The New York City Tenant Data Privacy Act (TDPA) was passed on May 28, 2021. Scheduled to go into effect on…
Biometrics: Brazilian Authority Investigates Collection of Fingerprints
The Brazilian Consumer Defense Institute has begun inquiry into two pharmacies for the collection and use of biometric…
Morgan Stanley Personal Data Breach
www.reuters.com/business/finance/morgan-stanley-says-some-personal-data-stolen-after-data-breach-2021-07-08/
Ransomware: Only 50% of organizations are able to effectively defend against attacks, warns report
www.zdnet.com/article/ransomware-only-half-of-organisations-can-effectively-defend-against-attacks-warns-report/
Reporting to Regulators: New Registration Portal for Peru Controllers
Legal and natural persons and public entities that administer personal data banks (such as the data bank of…
Connecticut Attorney General concern about Amazon Sidewalk privacy feature
The Connecticut Attorney General warned consumers of Amazon’s new shared network called Amazon Sidewalk feature; smart home devices…
Nevada Privacy Legislation updates
Nevada Governor Sisolak signed SB260 on June 2nd, a bill that will amend the state’s existing privacy notice legislation…
Cardholder Data: Online Retailer Settles with NY AG for $200,000 Following Data Breach
The retailer failed to implement a security patch for a known vulnerability in code used in its online…
Privacy Principles: OAS Adds New Privacy and Data Protection Principle
Updated guidance for Member States includes an additional principle on the establishment of data protection authorities in each…
LGPD: ANPD Clarifies Role of Controller and Processing Agent
Defining Data Controller, Defining Data Processor, Appointing a Data Protection Officer, Outsourcing, Understanding Enforcement Actions Controllers are responsible…
HIPAA Records Request: Healthcare Provider to Pay $5000 HHS Fine
A covered entity refused to comply with an individual’s request for their child’s PHI in violation of the…
Transparency: Brazil Regulators Find Non-Compliance by Global Messaging Network
Substantial differences between the Brazilian and EU versions of the network’s new privacy policy prompted the regulators’ review, which found unclear…
Legislation: North Dakota Bill Imposes Licensed Insurer Security and Breach Obligations
It sounds like the NYS DFAS law, good to know and learn more. William Feher, CPA Chief Financial &…
Children: Video Game Publisher Lacked Interest-Based Advertising Disclosures
The video game publisher collected user data for interest-based advertising without providing information required under the Digital Advertising…
Data Scraping: California Court Finds Terms of Service Violated
A marketing intelligence company countersued a social network for blocking access to its network to prevent data scraping;…
CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals
Check out this article from The Hacker News. CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals…
National Security Commission on AI Pinpoints Chinese Threat by Debra Kaufman
National Security Commission on AI Pinpoints Chinese Threat By Debra Kaufman The National Security Commission on Artificial Intelligence…
Florida PI
This bill amends and reintroduces another House bill that, if passed, would require website and online businesses (that…
The Weakest Link in Your Security Posture: Misconfigured SaaS Settings
Check out this article from The Hacker News. The Weakest Link in Your Security Posture: Misconfigured SaaS Settings…
Data Breach: Online Retailer to Settle CCPA and UCL Allegations
Unredacted, unencrypted customer PII stored on the ecommerce platform was scraped by hackers and offered for sale on…
Legitimacy: AEPD Spain Fines Telecom EUR 75,000 for Willful GDPR Breach
The telecom failed to resolve an individual’s complaint after it charged him another individual’s invoice 5 times (the…
Legislation: EU Parliament Approves Class Action Model
Qualified entities designated by Member States (after demonstrating that they meet specific criteria) can bring actions for protection…
Hacker: ICO UK Fines Ticket Company £1.25 Million For Data Breach
An attacker inserted malicious code into the chatbot on the company’s payment page, potentially compromising the financial data…
ICO issues enforcement notice against Experian
October 27th 2020 saw the Information Commissioner issue an ‘Enforcement Notice’ against Experian, under DPA18, for its processing…
Data Breach: NY Regulator Finds Social Network Lacked Appropriate Security
A social network platform was breached by hackers taking advantage of remote working vulnerabilities (i.e., the hackers exploited…
Data Breach: Retailer to Pay NJ AG $235,000 for Improper Disposal by Supermarket Pharmacies
Supermarkets operating in-store pharmacies failed to properly dispose of electronic devices used to collect the signatures and purchase…
Data Breach: Health Provider to Pay AGs $5 Million - USA
Data Breach: Health Provider to Pay AGs $5 Million Compromise of the company’s administrative credentials resulted in exfiltration…
Data Breach: ICO UK Fines Airline £20 Million for Insufficient Security
Data Breach: ICO UK Fines Airline £20 Million for Insufficient Security An attacker gained access to the company’s…
LGPD: MPDFT Brazil Files First Public Civil Action
A preliminary injunction is sought against a company that unlawfully sells personal information (i.e., name and contact details) to professionals…
COVID-19 has forced retailers into the cloud and on-line, which presents additional privacy and security challenges
Companies are reacting to the changes in consumer behavior and moving on-line, which brings additional challenges and…
Secret contracts may soon bring privacy features to public Blockchains
Interesting development around blockchain privacy https://cointelegraph.com/news/secret-contracts-may-soon-bring-privacy-features-to-public-blockchains #privacy #blockchain #emergingrisk #data
What’s The Impact Of Data Privacy Regulation On Loyalty Marketing?
…Consumer-facing brands in the U.S. are contending with a growing array of consumer privacy laws. There has been…
Opt-In: Advertising Industry Urges Texas to Reject Restricted Privacy Approach
https://www.networkadvertising.org/sites/default/files/final_response_to_texas_privacy_council_survey_8.21.2020.pdf “The Texas Privacy Council should be mindful of unintended side effects of a legislative approach that…
COVID-19: South Carolina Department of Health Best Practices for Businesses – Privacy Concerns
Where an employee tests positive, HR, Employee Relations or a supervisor should collect from the employee relevant information…
The Connecticut Insurance Data Security Law goes into effect on October 1, 2020.
The Connecticut Insurance Data Security Law goes into effect on October 1, 2020. Licensed insurance companies, and…
New York Department of Financial Services announced cybersecurity charges against First American Title Insurance Company.
Continuing our updates on Privacy Risk and Readiness Management Despite the massive impacts of the pandemic on…
Legislation: US Bill Requires Mandatory Encryption Backdoors
If passed, Lawful Access to Encrypted Data Act (“Act”) is introduced in the United States Senate – if…