MediaPro_Ldbd_08_18_16
OneTrust_Banner-ad-demo
BNA_PA_09_16_Privacy Laws-728x90
iapp-privacycore
PrivacyTraining_ad300x250.Promo1-01
OneTrust_GDPRCompliance_square-banner1

(Aug 29, 2016) Until the security and privacy community figures out how to stop them, ransomware infections may be as inevitable as death and taxes. But the better you handle them when they happen, the less chance you will be plagued by them over and over again. In this exclusive for The Privacy Advisor, Doug Pollack, CIPP/US, offers some things you can do to lower the likelihood of a malware attack, and explains how to handle one if it happens, both during the attack and after. This is the third in a four-par... Read More

Daily Dashboard

Roundup: Australia, Germany, UK, US and more

(Aug 29, 2016) The Australian government has released a list of legislation it plans to propose in the spring Parliament sittings, including a mandatory data breach notification bill. Germany is considering loosening its tough privacy laws after a series of terror attacks. The U.K. is considering a plan to sell patient data to privacy companies. And in the U.S., California has two new privacy laws protecting the data of students and applicants to its health insurance exchange, while a bill to protect biometric and geolocation data died in the Senate. Read about all this and more in this week’s Privacy Tracker legislative roundup. (IAPP member login required.) Read More

Daily Dashboard

Online tool allows users to inspect banks’ privacy notices

(Aug 29, 2016) Computer scientists at Carnegie Mellon have developed an online tool designed to help users examine banks’ privacy notices, Motherboard reports. The tool, simply titled “Bank Privacy” inspects the notices of a user’s bank, and other banks within the area, giving the user the opportunity to possibly find a bank with a privacy notice they prefer. "We collected lists of financial institutions in the United States and wrote a computer program that automatically queries Google in search of companies’... Read More

Daily Dashboard

ICO’s Denham issues statement on WhatsApp and Facebook data sharing 

(Aug 29, 2016) U.K. Information Commissioner Elizabeth Denham issued a statement on WhatsApp announcing it will start sharing data with Facebook. “The changes WhatsApp and Facebook are making will affect a lot of people. Some might consider it’ll give them a better service, others may be concerned by the lack of control. Our role is to pull back the curtain on things like this, ensuring that companies are being transparent with the public about how their personal data is being shared, and protecting consumers ... Read More

Daily Dashboard

Jeeves creator Jean Yang named one of 35 Innovators Under 35

(Aug 29, 2016) MIT Technology Review has named Carnegie Mellon’s Jean Yang as one of its 35 Innovators Under 35 for her work on privacy-equipped programming language tool, Jeeves. “Just like there are many ways to sink a boat, there are many ways to leak information,” Yang said. Jeeves works as “a double hull for information leaks,” she added. Yang took the code to open-source libraries for widespread use. “Giving people tools to create technology is incredibly empowering.” Editor’s Note: Jean Yang gave a keynote address at P.S.R. 2015 on Academia, Industry, and Security. Read More

Daily Dashboard

Identity governance red flags identified

(Aug 29, 2016) SecurityIntelligence identifies five of the most common warning signs that a company is struggling with identity governance issues. They include orphaned accounts, poorly defined certification processes, inadequate access request approvals, lack of segregation-of-duty controls, and independent processes across the organization, the report states. The issues are very typical and can lead to employee-catalyzed breaches. “Fortunately, the right identity governance and intelligence solution can solve these issues to minimize your security risks and help you systematically achieve and manage your regulatory compliance,” the report adds. Read More

Daily Dashboard

Trump campaign app’s data access overly invasive, advocates say

(Aug 29, 2016) Privacy advocates are concerned that Donald Trump’s newly released “America First” mobile app goes too far in its data collection procedures, ABC News reports. The app gains access to a user’s contact list during the initial app registration process. Advocates contend the move is problematic because mobile address books “in many cases … can contain notes about health information, snippets of emails, codes for security systems or garage doors, shared passwords, or even Social Security numbers,” the report states. Trump is "basically saying he has the right to pull down the contact list of the donors and supporters [using the app], which is something that is really very controversial,” said the Electronic Privacy Information Center Executive Director Marc Rotenberg. Read More

Daily Dashboard

Industrial IoT groups working together to develop industrywide standards

(Aug 29, 2016) The Organization for Machine Automation and Control, OPC Foundation, and PLCopen have announced plans to band together and create industrial internet of things standards for data sharing and “seamless … interoperability,” AutomationWorld reports. This alliance comes on the heels of each group’s individual IIoT developments, like creating a global taskforce charged with developing a companion specification for industry tools. However, industrywide “standards are needed to support communications from machine-to-machine and from the plant floor to interfaces that will allow large scale data analytics and information transfer,” said OMAC’s John Kowal. “It just makes sense for these organizations which have individually done so much to advance automated manufacturing to collaborate and avoid redundant developments.” Read More

Daily Dashboard

Op-ed: IT pros need to demolish “reality distortion field”

(Aug 29, 2016) IT professionals must acknowledge and abandon the “reality distortion field” that keeps industry leaders from embracing new security techniques as breaches grow, Jason Hart writes in an op-ed for Network World. “Reality distortion field is a term used to describe the belief that wanting and willing something — even the near-impossible — can make it happen,” Hart says. “However, a reality distortion field has overtaken today’s data security mindset when it comes to the effectiveness o... Read More

Daily Dashboard

Data and privacy issues come to car dealerships

(Aug 29, 2016) The automotive industry is taking a closer look at how to best use data to sell cars, according to a new column in Automotive News. “Clearly, seamless digital customer experiences are reversing the historic outsourcing of customer service designed into the franchise system,” writes Automotive News’ J Ferron. “This intensified battleground of new ways to access and create experiences is filled with data seekers and providers whose strategies may or may not have the retailers' best interests in mind.” Therefore, dealerships are on the front lines of protecting consumer data. “Every dealership team must decide whether a prospective data partner's marketing initiatives help or hurt,” Ferron adds. “As cyber risks rise, potential partners should be clear about how they protect dealer data.” Read More

Daily Dashboard