(Jul 25, 2016) The U.S. Federal Aviation Administration's new regulations on drones, or unmanned aerial devices, become effective late next month. The rules, which build on the privacy best practices published at the end of the National Telecommunications and Information Administration's multi-stakeholder effort last month, apply to commercial use of drones weighing less than 55 pounds. In this quick-hit Q&A for The Privacy Advisor, Diana Marina Cooper, senior director of legal and policy affairs at drone manufacturer PrecisionHawk, discusses what you need to know about Part 107 of the Federal Aviation regulations. Read More

Daily Dashboard

Roundup: Singapore, Russia, Pakistan, US and more

(Jul 25, 2016) In this week’s Privacy Tracker legislative roundup, read about plans in Singapore to introduce legislation to safeguard sensitive data used by tech companies, as well as new guidance from the Personal Data Protection Commission on disposing of personal data. A Russian MP has proposed delaying the nation’s data retention law until the year 2023. A roundtable conference discussed Pakistan’s cybercrime bill, saying it needs amendments to protect privacy. In Europe, Advocate General Henrik Saugmandsgaard Øe’s opinions on data retention obligations in Sweden and the U.K. are bringing questions and speculation. And in the U.S., Connecticut prepares for its new student privacy law, Illinois passed a law limiting cellphone surveillance by police, and a court has said it’s legal to “upskirt” in Georgia. (IAPP login required.) Read More

Medical center settles with OCR for $2.75M after 2013 breach

(Jul 25, 2016) The University of Mississippi Medical Center has agreed to pay the Department of Health and Human Services' Office for Civil Rights $2.75 million after a laptop theft in 2013 put data of 10,000 patients at risk, the Hattiesburg American reports. While the information was allegedly not accessed or disclosed, an OCR investigation found the medical center had known about lax security standards since 2005, the report states. “We have learned from this experience and are working hard to ensure that our information security program meets or exceeds the highest standard,” said Vice Chancellor for Health Affairs Dr. LouAnn Woodward in a statement. The UMMC will further commit to an OCR-sanctioned three-year HIPAA corrective program, as per the settlement. Read More

FTC’s Ramirez calls for comprehensive data security laws

(Jul 25, 2016) Federal Trade Commission Chairwoman Edith Ramirez is pushing for comprehensive data security laws, BuzzFeed reports. With cyberattacks continuing to be a major issue, Ramirez believes Congress and the tech industry need to do more in order to protect user privacy. The FTC wants to create federal standards for the ways organizations can collect, share and store data, while also seeking greater authority to punish businesses for putting citizens’ data at risk. “So much of the data collection that’... Read More

EDPS publishes ePrivacy Directive opinion

(Jul 25, 2016) European Data Protection Supervisor Giovanni Buttarelli has expressed favor for strong encryption and against the use of backdoors within the revised ePrivacy law in his published opinion on the ePrivacy Directive on July 25, Ars Technica reports. “Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited,” Buttarelli wrote. “In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with ... Read More

Microsoft approved 63 percent of revenge-porn takedown requests in six months

(Jul 25, 2016) Within six months of instituting a revenge-porn removal policy, Microsoft received 537 content removal requests from around the world, approving 63 percent of them, Microsoft reports in a blog post. The rest were denied, mainly because the content was not deemed revenge porn. The company added that it wanted to make the process continually easier for victims to report abuse. Meanwhile, Microsoft has announced it will adopt the EU-U.S. Privacy Shield, Out-Law.com reports, while company President ... Read More

DNC hacked; donor information accessible

(Jul 25, 2016) WikiLeaks has obtained and published 19,252 emails from U.S. Democratic National Committee members, some of which contained the Social Security, passport, and credit card numbers of party donors, Gizmodo reports. The organization announced the email dump via a July 22 tweet, allowing the curious to access the unencrypted donor information, the report states. “Exactly why WikiLeaks decided not to redact the private information of unsuspecting Americans remains unclear,” the report adds. Read More

Op-ed: Clinton, DNC’s privacy attitudes mile wide, inch deep?

(Jul 25, 2016) In light of this week’s Democratic National Convention in Philadelphia, Eric Chabrow analyzes both the Democratic party’s and nominee Hillary Clinton’s attitudes on cybersecurity in an op-ed for BankInfoSecurity after similarly examining the GOP’s policies. "Overall, [Clinton's] published plans go further than the plans I've seen from other politicians for privacy and information security," wrote The Privacy Professor & HIPAA Compliance Tools’ Rebecca Herold, CIPM, CIPP/US, CIPT. “Of course,... Read More

Wyndham senior counsel offers cybersecurity advice

(Jul 25, 2016) Coleman Lechner, Wyndham Worldwide’s senior counsel for litigation, recently shared advice on handling data breaches, Corporate Counsel reports. Lechner joined Wyndham in 2013 after the company was sued by the Federal Trade Commission in 2012. Lechner said Wyndham now has a privacy team consisting of legal and information management professionals who interact with the company’s tech and information officers. He said data monitoring is "an ongoing thing" and that part of that process focuses on v... Read More

Millions of accounts compromised in two mobile gaming breaches

(Jul 25, 2016) The official forums of popular mobile strategy game Clash of Kings were hit by a data breach, compromising the accounts of 1.6 million users, VentureBeat reports. The data was found on breach-tracking site LeakedSource, and included usernames, IP addresses, and Facebook data. “Exposing vulnerable applications to the internet is like walking through the hall with a kick-me sign stuck on your back,” said Tripwire Senior Security Researcher Travis Smith. “Attackers can quickly search the internet f... Read More
