VA branch exposes personal information to 25K unauthorized personnel

(Oct 21, 2019) A report from the U.S. Veterans Affairs Inspector General has revealed a regional office in Milwaukee, Wisconsin, exposed the personal data of an undisclosed number of patients to more than 25,000 unauthorized users, Nextgov reports. The IG did not classify the data exposure as a breach but did say the information was placed "at unnecessary risk." Medical records and documents were revealed, along with names, addresses, birthdates and phone numbers dating back to 2016. "The inadequate protection... Read More

40 organizations seek Section 702 revisions

(Oct 18, 2019) The American Civil Liberties Union announced it joined a coalition of more than 40 advocacy groups on a letter urging the U.S. House Judiciary and Intelligence committees to consider amending Section 702 of the Foreign Intelligence Surveillance Act before reauthorizing the law. Written in response to FISA documents that "reveal significant privacy violations," the letter asked for lawmakers to strongly and carefully consider ensuring Section 702 prohibits "warrantless 'backdoor' searches" and "'... Read More

US Senate Commerce Committee issues report on CPSC data disclosures

(Oct 18, 2019) The Hill reports the U.S. Senate Committee on Commerce, Science, and Transportation has filed a report that revealed the Consumer Product Safety Commission mishandled and disclosed the personal data of 30,000 consumers. Street addresses, ages and genders were among the information disclosed by the CPSC during failed data purges between December 2017 and March 2019. In its report, the committee recommended CPSC improve measures to protect personal data. Meanwhile, WalletHub published research on ... Read More

US Senate committee to hold hearing on data privacy rights, valuation

(Oct 18, 2019) The U.S. Senate Committee on Banking, Housing, and Urban Affairs has announced the "Data Ownership: Exploring Implications for Data Privacy Rights and Data Valuation" hearing will be held Oct. 24. The hearing will include testimony from American Bar Association Committee on Cyberspace Law Founding Chair Jeffrey Ritter, American Civil Liberties Union Senior Advocacy and Policy Counsel Chad Marlow, American Action Forum Director of Technology and Innovation Policy Will Rinehart, and DrumWave CEO M... Read More

Ransomware attacks on the rise

(Oct 18, 2019) Ransomware attacks targeting Canadian organizations are on the rise, CBC News reports. Experts say the health care field, in particular, as well as some municipalities, has been targeted due to the sensitivity of records kept. A recent survey of Canadian organizations found 88% experienced a data breach over the past year, while 82% reported an “increase in overall attack volume.” Ransomware accounted for 14% of breaches in that survey. It’s unclear why Canadian firms are increasingly being targ... Read More

Op-ed: Does Ireland’s DPC funding breach EU rules?

(Oct 17, 2019) In an op-ed, The Irish Times asks if a recent decision to fund Ireland’s Data Protection Commission at 27% of its requested increase for 2020 is a breach of EU rules. In a complaint filed with the European Commission, Castlebridge Founder and Managing Director Daragh O'Brien argued the state may have breached its obligations under the EU General Data Protection Regulation, Law Enforcement Directive and EU Charter of Fundamental Rights. The commission requested the additional funds due to the “in... Read More

OAIC wants comments on CDR privacy safeguard guidelines

(Oct 17, 2019) ZDNet reports the Office of the Australian Information Commission has asked for public feedback on draft privacy safeguard guidelines for the country's Consumer Data Right. The OAIC is seeking comments that will improve the guidelines' clarity. Specifically, the OAIC hopes to learn if the guidelines overlooked topics and if they effectively help organizations understand their privacy safeguard obligations. "We are looking for business to engage with the draft guidelines, including small business... Read More

Sen. Wyden proposes new federal privacy bill

(Oct 17, 2019) U.S. Sen. Ron Wyden, D-Ore., has introduced legislation that imposes penalties on companies and executives who fail to protect consumer data, CNN reports. The Mind Your Own Business Act would put top executives behind bars for up to 20 years if their companies are caught lying to authorities about having misused Americans’ personal information. The proposed bill includes a "one-click" solution that would give consumers control over how their data is shared and privacy advocacy groups the right t... Read More

Perspective: EU member states comment on GDPR's application

(Oct 16, 2019) In preparation for requirements in Article 97 of the EU General Data Protection Regulation, a host of member state delegations submitted comments to the Council of the European Union on their evaluation and review of the application of the GDPR. In all, 19 member states commented in a 72-page document released Oct. 9. Of course, there's a lot in there to chew on, but IAPP Senior Westin Fellow Müge Fazlioglu, CIPP/E, CIPP/US, has gone through the comments to assess how member states regard the ap... Read More

Facial-recognition database allegedly violates Illinois BIPA

(Oct 11, 2019) The New York Times reports thousands of Illinois residents may have had their photos uploaded to facial-recognition database MegaFace without their permission. “Photos themselves are not covered by the Biometric Information Privacy Act, but the scan of the photos should be. The mere use of biometric data is a violation of the statute,” University of Illinois Law Professor Faye Jones said. The photos were pulled from Flickr, many of which were uploaded more than 10 years ago and set to noncommerc... Read More