OneTrust_Square Banner_300x250_DD_ROS_01_19

(Feb 28, 2017) In 2003, California passed a groundbreaking data breach notification law. Since then, 47 states have passed breach notification laws, most modeled on California's law. As data collection has become more ubiquitous, technologies more advanced and consumer data more valuable, the definition of "personal information" within these laws has expanded to include things like login credentials, biometric information and health data. Emily Tabatabai, CIPP/E, CIPP/US, and Shea Leitch, CIPP/E, CIPP/US, write for Privacy Tracker about this trend, noting that it "will likely continue unabated as states seek to keep up with trends in cybersecurity and the threat landscape ... Persistent monitoring of new legislation will continue to be important, as legislative activity does not appear to be slowing down." Read More

Daily Dashboard

Justice Department: Trump's order won't affect Privacy Shield, Umbrella

(Feb 28, 2017) In a letter to the European Commission, the U.S. Department of Justice said President Donald Trump's executive order on illegal immigration will neither affect the EU-U.S. Privacy Shield nor the Umbrella Agreement, Reuters reports. "Section 14 of the Executive Order does not affect the privacy rights extended by the Judicial Redress Act to Europeans," writes Deputy Assistant Attorney General Bruce Swartz. "Nor does Section 14 affect the commitments the United States has made under the DPPA (Umbrella Agreement) or the Privacy Shield." European Commissioner Věra Jourová said that she was "not worried" but "remained vigilant," the report states. Read More

Daily Dashboard, Europe Data Protection Digest

Breach of smart teddy bear data leaks 800,000 users' info

(Feb 28, 2017) Smart toy manufacturer Spiral Toy's CloudPets database of 800,000 customer credentials and more than two million users messages was stored for a little over two weeks on an unsecured server and discovered by security researchers and potentially hackers, Motherboard reports. Researchers said that the exposed data has been overwritten twice, the report states. However, the company has not yet publicly disclosed the breach or notified victims. "They were very irresponsible because they had to know ... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

New CDT study examines data-deletion 'disconnect'

(Feb 28, 2017) The Center for Democracy and Technology's new research paper, “Should it stay or should it go? The legal, policy, and technical landscape around data deletion," examines the "disconnect" between how companies delete data and how its consumers understand what deletion means, the CDT's Michelle De Mooy writes. While some companies have viewed data removal in the past as unfathomable, now embracing the practice could improve data quality. "As the novelty of big data wears off, companies are faced w... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

NY airport's storage device leaked sensitive info on open web

(Feb 28, 2017) A misconfiguration in an internet-connected storage device used by Stewart International Airport resulted in sensitive information leaking onto the open internet for almost a year, ZDNet reports. The sensitive information on the drive included staff email accounts, human resource files, payroll data, and a large financial tracking database. MacKeeper Security Center Lead Security Researcher Chris Vickery discovered the breach and said the drive "was, in essence, acting as a public web server." T... Read More

Daily Dashboard

Privacy pros discuss access to consumer data at KnowledgeNet

(Feb 28, 2017) An IAPP KnowledgeNet co-organized by the “Santa Clara High Tech Law Journal” discussed best practices in digital privacy for law enforcement, privacy professionals and businesses. "The event featured speakers from a cross-section of the privacy profession, including lawyers from corporations, law firms, government," the report states, as well as from civil society and the press. One panel focused on how businesses should design privacy policies and protect consumer privacy rights, touching upon ... Read More

Daily Dashboard, Privacy Bar Section

FTC releases agenda for blockchain, AI forum

(Feb 28, 2017) The Federal Trade Commission released the agenda for its FinTech Forum, focusing on the consumer implications of artificial intelligence and blockchain technology. The forum, taking place March 9, will feature two panel discussions. The opening panel will cover the potential benefits and risks artificial intelligence poses for users in products or services in fields such as personalized financial services. The second panel will discuss the potential applications for blockchain technology, and th... Read More

Daily Dashboard

OCR calls for more information sharing to fight health care threats

(Feb 28, 2017) Within its February Cyber Awareness Newsletter, the U.S. Department of Health & Human Services’ Office for Civil Rights states the government, privacy sector, and international network defense communities should join forces to share more information to fight back against the increasing number of health care cybersecurity threats, Health IT Security reports. The OCR cites the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, and the NCCIC’s United... Read More

Daily Dashboard

Judge: Gun rights advocates allowed to publish lawmakers' private info

(Feb 28, 2017) A federal judge ruled gun owner rights advocates are legally allowed to publish the home addresses and telephone numbers of California state lawmakers who voted in favor of firearm restrictions, CBS News reports. U.S. Chief District Judge Lawrence O’Neill issued a preliminary injunction blocking a state law letting public officials petition to have their private information removed online if they feared for their safety. The judge ruled the state law is too broad, and violates the advocates' rig... Read More

Daily Dashboard, Privacy Bar Section

FCC chairman plans to delay agency's broadband privacy rules

(Feb 27, 2017) Federal Communications Commission Chairman Ajit Pai is planning to delay the implementation of the agency’s broadband privacy rules, Reuters reports. FCC spokesman Mark Wigfield said Pai believes all companies in the "online space should be subject to the same rules, and the federal government should not favor one set of companies over another." The move to delay implementation of the data security rules could come as soon as March 2. Analysts consider a temporary stay as the first step toward p... Read More

Daily Dashboard, United States Government