OneTrust_Leaderboard_Banner_ROS_728x90_01_19
MediaPro_Ldbd_ROS_iapp-executive-summary-ad-cta-1-728x90-opt
BNA_21569 BLW ACC 2016 AHLA Survey and Guidance Report BAN 728x90_Ldbd
iapp-privacycore
IAPP_Salary-Survey_300x250_FINAL
OneTrust_Square Banner_300x250_DD_ROS_01_19

(Feb 28, 2017) Smart toy manufacturer Spiral Toy's CloudPets database of 800,000 customer credentials and more than two million users messages was stored for a little over two weeks on an unsecured server and discovered by security researchers and potentially hackers, Motherboard reports. Researchers said that the exposed data has been overwritten twice, the report states. However, the company has not yet publicly disclosed the breach or notified victims. "They were very irresponsible because they had to know ... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

New CDT study examines data-deletion 'disconnect'

(Feb 28, 2017) The Center for Democracy and Technology's new research paper, “Should it stay or should it go? The legal, policy, and technical landscape around data deletion," examines the "disconnect" between how companies delete data and how its consumers understand what deletion means, the CDT's Michelle De Mooy writes. While some companies have viewed data removal in the past as unfathomable, now embracing the practice could improve data quality. "As the novelty of big data wears off, companies are faced w... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Chinese government issues draft security review measures

(Feb 27, 2017) On February 4, the Cyberspace Administration of China issued draft Network Products and Services Security Review Measures for public comment. The measures are follow-on legislation to China's cybersecurity law and bring China one step closer to implementing a security review regime with respect to network products and services. Wei Fan, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, Jason Meng and Mark Zhang analyze the draft for Privacy Tracker, noting that it “emphasizes the supervision during and after the usage of the product and service, to ensure the network products' and services' operational safety.” The article also offers insight on the impact on trade, government authorities and how reviews will be conducted. Read More

Asia-Pacific Dashboard Digest, Daily Dashboard

Roundup: EU, India, US and more

(Feb 27, 2017) In this week’s Privacy Tracker legislative roundup, read about the Article 29 Working Party’s new implementation documents for EU-U.S. Privacy Shield agreement. India is launching a National Cybersecurity Coordination Center to monitor cyberattacks. The U.K. Home Office has stalled data collection plans under the new Investigatory Powers law after a European Court of Justice ruling. In the U.S., the Republican push to overturn the Federal Communications Commission’s broadband privacy rules may see a challenge, the House Judiciary Committee Chairman underscored the need for the Email Privacy Act, which is currently stalled in the Senate; two republican senators are proposing a bill to overturn the Cybersecurity Act of 2015; and states are tackling social media access, biometrics and more. (IAPP member login required.) Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Yang: Privacy must be an inherent element to computer code

(Feb 27, 2017) Common computer languages make it difficult for computer programers to protect users' privacy and keep users from truly understanding how these programmers are using their information. As such, privacy must be less of a programming afterthought and instead an inherent element, Carnegie Mellon University's Jean Yang writes in an op-ed for The Conversation. Computerizing privacy settings, instead of relying on programmers to manually code them, is one solution. "We can — and should – develop programming models that allow us to more easily incorporate security and privacy into software," Yang writes.  Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

How do we honor the dead in the Digital Age?

(Feb 24, 2017) In an effort to make tragedies more visceral, to have their impact felt more readily, news organizations have taken to mining social media and other online resources to create digital memorials. While these humanize what might otherwise move through a newsfeed as a simple count of casualties, IAPP Staff Writer Courtney Gabrielson, CIPM, wonders if the media and others are doing more privacy harm than good with these listicles that boil lives down into publicly available data points. While everyone, surely, should think about how their digital footprint will carry on after they're gone — she argues for Privacy Perspectives — the media and other organizations should also think about their own ethical obligations when they seek to honor and memorialize the dead. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Podcast: Zoladz on how to get ready for GDPR and where many firms are falling short

(Feb 24, 2017) In this episode of The Privacy Advisor Podcast, Chris Zoladz, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, of Navigate talks about what he’s seeing on the ground as he advises clients who’re aiming to comply with the GDPR as its effective date rapidly approaches. Zoladz says based on his experience, organizations are largely not going to be completely compliant by May 2018, in part due to budget cycles. He also describes how to be strategic about big data and the GDPR’s new consent requirements. A big p... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Privacy Shield? Let's talk about it

(Feb 24, 2017) While the Article 29 Working Party, and others, may have questions about the foundations of the EU-U.S. Privacy Shield framework, it has thus far weathered a variety of storms, and even been joined by the Swiss-U.S. Privacy Shield. In fact, more than 1,700 organizations are now actively participating and using the framework to transfer data from the EU to the United States. Looking to learn more? Want to talk it out? The IAPP has you covered. Those of you who've already registered for the sold-o... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Cloudflare bug exposes private data

(Feb 24, 2017) A bug discovered in Cloudflare's software earlier in February accidentally exposed data like private messages on dating sites, frames from adult sites, and hotel bookings, BBC News reports. "Unfortunately, it was the ancient piece of software that contained a latent security problem and that problem only showed up as we were in the process of migrating away from it," said Cloudflare Chief Operating Officer John Graham-Cumming. The company has since fixed the issue, and Graham-Cumming said he wasn't worried that the exposed data was misused. "I am not changing any of my passwords," he said. "I think the probability that somebody saw something is so low it's not something I am concerned about." Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Cellebrite announces product that can crack locked phones

(Feb 24, 2017) CyberScoop reports Cellebrite has announced its Advanced Investigative Service tool can "unlock and extract" locked iPhones' full file system, including those from the 6 and the 6+. “These capabilities dramatically increase law enforcement’s ability to access critical digital evidence and solve cases faster, by providing forensically sound access and extraction capabilities not found anywhere else in the industry,” the company said. “Furthermore, we now make the world’s first ‘decrypted physical... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest