Dispatch from OURSA: The need for diversity in design

(Apr 18, 2018) The RSA security conference made news recently after some high-profile folks on Twitter pointed out that, of the nearly two dozen keynote speakers lined up for the event — perhaps the biggest security conference in the world — only one was female. It's no secret that the security industry has a male-biased history, but instead of just complaining about it, the OUR Security Advocates Conference was born. This one-day, alternative conference featured a slew of leading female and minority informati...

OURSA conference signals need for diversity in privacy, security design

(Apr 18, 2018) The RSA Security conference made news recently after some high-profile folks on Twitter pointed out that, of the nearly two dozen keynote speakers lined up for the event — perhaps the most prominent conference in the world — only one was female. It's no secret that the security industry has a male-biased history, but instead of just complaining about it, Access Now's Amie Stepanovich and Facebook Chief Security Officer Alex Stamos, among others, worked on a solution: A one-day, alternative confe...

IoT security and trust toolkit available

(Apr 17, 2018) AgeLight Advisory Group Managing Director Craig Spiezle has spent a lot of time examining more than 1,500 documents released by hundreds of initiatives that have hoped to develop a way to tackle issues related to internet of things security. The fruit of his efforts has arrived with AgeLight's IoT Safety and Trust Design Architecture and Risk Toolkit. The resource will help guide organizations into self-regulation, as they can examine 45 different principles to see which ones they need to implem...

Study: Majority of kid-targeted Android apps violate COPPA

(Apr 17, 2018) A study conducted by University of California, Berkeley, researchers found a majority of Android apps marketed toward children under the age of 13 may potentially be in violation of the Children’s Online Privacy Protection Act, mainly due to the use of third-party software development kits, The Verge reports. During the examination of 5,855 apps, the researchers found 40 percent shared personal data without proper security protocols, 39 percent did not adhere to “contractual obligations aimed at...

Advisory group releases IoT safety and design risk toolkit

(Apr 17, 2018) Hundreds of initiatives have been launched over the past several years to tackle the issue of internet-of-things security in the design phase for devices. AgeLight Advisory Group Managing Director Craig Spiezle spent the time to review more than 1,500 documents to see what those initiatives hoped to achieve. AgeLight has released the fruits of Spiezle’s work in the form of the IoT Safety and Trust Design Architecture and Risk Toolkit. The toolkit seeks to achieve three primary goals: to guide a...

IAPP updates Privacy Tech Vendor Report

(Apr 16, 2018) Each quarter, the IAPP updates its Privacy Tech Vendor Report, a guide that brings together a directory of vendors, large and small, that are offering various types of privacy technology solutions. This year's report also features an introduction that includes insight from 12 privacy practitioners and consultants who shared their best practices and tips for vetting vendors, making the business case for budget, and implementation of third-party privacy management solutions within the organization...

WP29 releases guidance on transparency, encryption

(Apr 16, 2018) The Article 29 Working Party has released guidance on encryption and transparency. The WP29’s guidance on transparency focuses on the EU General Data Protection Regulation, including elements of transparency under the GDPR and the information to be provided to data subjects under Articles 13 and 14 of the legislation. On encryption, the Working Party’s statement focuses on law enforcement’s legal powers to access data and backdoors and master keys. The WP29 concludes strong encryption is a neces...

EDPS: Smarter approach to data sharing needed in the EU

(Apr 16, 2018) European Data Protection Supervisor Giovanni Buttarelli is calling for a smarter approach to sharing information in order to tackle security and border management challenges. In a recently published opinion on a pair of frameworks, Buttarelli said interoperability has both benefits and faults, as allowing databases to communicate with one another can help with law enforcement investigations but also puts data subjects at risk of data breaches. “The Commission’s Proposals would alter the structur...

Notes from the IAPP Publications Editor, April 13, 2018

(Apr 13, 2018) Greetings from Portsmouth, NH! I write to you on this Friday the 13th after yet another crazy week in privacy news. Of course, much of the media's focus this week has been on the two-day testimony by Facebook CEO Mark Zuckerberg on Capitol Hill. On day one, our own Angelique Carson was on hand to document the super long lines and the relevant takeaways for privacy pros. If you need to catch up, be sure to check it out. Over the years, I've covered dozens of congressional hearings, and for any...

Exploring the potential privacy implications of a 'web 3.0'

(Apr 13, 2018) "To many privacy professionals, a 'user-centered internet for individuals' would only exist in a perfect utopian world," writes Duff & Phelps Regulatory Consultant Seth Litwack, CIPP/US, CIPM, CIPT. "Yet, as the blockchain ecosystem matures, individual control, trust and security are consistent themes that blockchain and cryptocurrency platforms are attempting to tackle. In the not-too-distant future, a cryptographically secured digital identity may allow us to 'trustlessly' complete transac...