BNA_PA_09_16_Privacy Laws-728x90
OneTrust_Leaderboard Banner _10.14.168x90

(Oct 25, 2016) Timothy Banks, CIPM, CIPP/C, writes for Privacy Tracker about two new bills addressing genetic privacy in Canada. "News reports frequently suggest that Canada is alone amongst G-7 countries in not having a law specifically addressing genetic discrimination." Analyzing these bills and putting them up against laws in the U.K. and U.S., Banks writes that "Canada might be late to the table, but the Canadian anti-discrimination laws, if either were passed, would prohibit the use of genetic testing and genetic characteristics to make distinctions between individuals in far more circumstances than is currently the case in either the U.K. or the U.S." (IAPP member login required.) Read More

Canada Dashboard Digest, Daily Dashboard, Privacy Bar Section

AT&T-Time Warner merger highlights new round of privacy concerns

(Oct 25, 2016) The merger between Verizon and Yahoo and the proposed AT&T-Time Warner deal have ignited a new wave of privacy concerns, AFP reports. Privacy advocates are concerned the deals will allow the companies to use even more data to send targeted ads to consumers without any form of safeguards, while noting the proposed Federal Communications Commission broadband privacy rules would be one way to enforce standards. While some users see the potential benefit for targeted ads, advocates say it’s impo... Read More

Daily Dashboard

US government working to shore up IoT following DDoS attack

(Oct 25, 2016) The U.S. government is developing a new set of “strategic principles” for securing internet-of-things devices following last week’s massive DDoS attack, Reuters reports. The Department of Homeland Security held a conference call with 18 communication service providers to develop the principles shortly after the attack started. The DHS said its National Cybersecurity and Communications Integration Center was working with companies, law enforcement and researchers to manage its way through the inc... Read More

Daily Dashboard

NHTSA releases guidelines for automotive cybersecurity

(Oct 25, 2016) The National Highway Traffic Safety Administration released a set of guidelines to help improve cybersecurity in vehicles, TechCrunch reports. The 22-page set of best practices is designed to help auto manufacturers handle hacking attempts and to encourage car companies to incorporate security protocols into their vehicles. The NHTSA best practices include recommending a “layered approach,” placing critical system security over other safety-specific features, while endorsing information sharing in “as close to real time as possible” in the event of a cybersecurity incident. The NHTSA also encourages revealing any potential vulnerabilities, as well as holding onto any data used for a self-audit. Read More

Daily Dashboard

Article 29 Working Party to release GDPR guidance

(Oct 25, 2016) The Article 29 Working Party plans to release official guidance by the end of the year for companies unsure how regulators will enforce the General Data Protection Regulation, Bloomberg BNA reports. Article 29 Chairwoman Isabelle Falque-Pierrotin said her group’s initial guidelines will cover enforcement, privacy officers, and data portability provisions. Falque-Pierrotin said the guidelines are necessary to clarify ambiguities within the GDPR, and to “transform the text into an operational tool... Read More

Daily Dashboard, Europe Data Protection Digest, Privacy Bar Section

AARP sues EEOC over wellness program rules

(Oct 25, 2016) The AARP is suing the Equal Employment Opportunity Commission over rules regarding the disclosure of health information for employee wellness programs, The New York Times reports. Wellness programs often offer financial incentives for participation, while asking employees to submit personal medical information in order to take part. The AARP claims the wellness programs violate anti-discrimination laws designed to protect workers’ medical information, and questions whether the programs can be co... Read More

Daily Dashboard

Biometric bracelets designed to monitor what interests students

(Oct 25, 2016) The Bill & Melinda Gates Foundation is seeking to begin the development of a biometric bracelet designed to measure what moments interest and excite students in a classroom, Reuters reports. The devices, known as Q Sensors, “send a small current across the skin and then measure subtle changes in electrical charges as the sympathetic nervous system responds to stimuli,” the report said. The Q Sensors have been used in studies to determine consumers’ emotional response to ads. While the device... Read More

Daily Dashboard

Telecom tech company employees resign amid reports it assisted Turkish surveillance

(Oct 25, 2016) Reports that Californian telecom tech company Procera Networks has worked with Turk Telekom to provide the European company with usernames and passwords of Turkish users for surveillance purposes have inspired employees to resign from the company and leak documents illustrating Procera's dealings, Forbes reports. "Procera engineers feared they would in effect be supporting Turkey’s surveillance state, whose actions have come under increased criticism from human rights groups," the report states.... Read More

Daily Dashboard, Europe Data Protection Digest

FCC privacy rules could pass Oct. 27

(Oct 25, 2016) The Federal Communications Commission is expected to pass its new privacy rules on Oct. 27, and broadband providers could push back against them depending on how similar the revised rules are with the current FCC enforcement practices, the Morning Consult states. While a net neutrality rule allows FCC oversight for ISPs, "industry giants ... have argued that the privacy rules still might not align with the FCC’s authority to regulate privacy under the 1996 Telecommunications Act," the report sta... Read More

Daily Dashboard

Report details OPM's 2015 hack

(Oct 25, 2016) A WIRED report covers the 2015 Office of Personnel Management hack, from agency employees' discovery of the breach, their realization that the attack was most likely an advanced persistent threat, and their subsequent investigation. It also looks to the future, exploring the faults of security tools like unpaired encryption and how the agency can best rebuild. To remedy the loss of data in the attack, "a cybersecurity overhaul of this magnitude will, of course, require an abundance of talent," the report states. "And that means much depends on how well government recruiters can convince the best engineers that being locked in a high-stakes competition with supervillain-­esque adversaries is more exciting than working in Silicon Valley." Read More

Daily Dashboard