Greetings from Portsmouth, NH,
Though we're in the heart of the summer, many infosec and privacy pros traveled to Las Vegas this week to brave 110-degree desert temps. At least it's a dry heat, right?
The annual Black Hat USA Conference, sidled by the more low key Defcon, reportedly drew its biggest crowd this year. And though it's one of the premier security events in the world, privacy was top of mind. To wit: Black Hat founder Jeff Ross, also known on Twitter as the Dark Tangent, discussed the EU General Data Protection Regulation and the California Consumer Privacy Act of 2018 during his opening keynote. “The General Data Protection Regulation, that’s political, and soon we might have a California law to deal with,” he said. “Business models are running smack into political models.”
Plus the event is always chock full of new privacy and security research, and this year, there were a couple panel sessions focused directly on privacy. For more details on the event, the IAPP's Ryan Chiavetta rounded up some of the latest reporting for Privacy Tech.
One news story that struck me as interesting this week was a report from The Wall Street Journal noting that several major U.S. banks were contacted by Facebook to discuss a potential data-sharing program involving financial information. The reported concept would help users check their account balances, buy and sell goods, and receive fraud alerts. Of course, financial information is a touchy area for most consumers, and it appears the banks are being cautious. One bank has apparently already declined to participate due to data privacy concerns. Though details of the program are pretty vague right now, it's interesting to see this potential convergence of the social media and financial industries.
The Washington Post followed up with a report looking at the idea more broadly, noting there is interest; Facebook's stock jumped 4 percent as a result of the WSJ report. No doubt, the bottom line is driving new, and perhaps risky, business ideas, but data privacy looks like it's playing a role here as well.
Finally, the Consumer Financial Protection Bureau released news Friday that it's updating Regulation P to implement legislation amending the Gramm-Leach-Bliley Act. The finalized amendments would allow "financial institutions that meet certain requirements to be exempt from sending annual privacy notices to their customers." The reasoning, according to the CFPB press release, is that it will "ease the burden on financial institutions and reduce risk of consumer confusion." For privacy pros in this industry, I'm curious, is this a good thing for both consumer and industry, as the CFPB states? For more details, you can check out the final rule here.
Happy reading and enjoy the weekend!
If you want to comment on this post, you need to login.