FTC approves final settlement over stalking apps

(Mar 30, 2020) The U.S. Federal Trade Commission announced the approval of its final settlement with Retina-X Studios regarding violations stemming from its three stalking apps. The app developer was alleged to have breached the Children's Online Privacy Protection Act while failing to adopt appropriate information security measures or conduct proper oversight with its service providers. The settlement prohibits Retina-X and its owner from developing and marketing apps that don't have legitimate purpose while ... Read More

A look at potential Zoom privacy concerns

(Mar 27, 2020) According to Consumer Reports, many online users are unaware of the privacy pitfalls that come with using teleconference platform Zoom. The platform's privacy policy permits the collection and storage of personal information from most Zoom activities while allowing that information to be shared with third-party advertisers. Full Story... Read More

Australian government walks back claim MyGov site crashed due to cyberattack

(Mar 26, 2020) The Australian government walked back on a claim that the MyGov website crashed due to a cyberattack, News.com.au reports. Minister for Government Services Stuart Robert said the site was down due to a distributed-denial-of-service attack; however, MyGov had crashed due to an increase in traffic. The website has seen a surge in activity due to the COVID-19 pandemic.Full Story... Read More

COVID-19 updates from EU, Ireland, Netherlands and US

(Mar 26, 2020) As the COVID-19 pandemic continues, here are the latest stories on how the outbreak has affected privacy: The World Health Organization is advising those offering technological aid to combat COVID-19 to be mindful of privacy and human rights, Reuters reports. Euractiv reports the European Commission hopes to use COVID-19 to demonstrate the EU's open data policy and data use for the "common good." The U.S Department of Health and Human Services' Office for Civil Rights issued guidance on how... Read More

NY SHIELD Act takes effect

(Mar 25, 2020) According to Hunton Andrews Kurth's Privacy & Information Security Law Blog, New York's Stop Hacks and Improve Electronic Data Security Act took force March 21. The law calls on covered organizations to implement a data security program with appropriate administrative, technical and physical safeguards for the personal information of New York residents. Companies found to be violating the SHIELD Act will be subject to a $5,000 fine for each violation.Full Story... Read More

CNIL discusses BYOD best practices

(Mar 25, 2020) France's data protection authority, the CNIL, published guidance on best practices for privacy and data security associated with the bring-your-own-device concept. The CNIL noted employers are responsible for the security of company data stored on devices that are not their own, including an employee's personal device. Additionally, the CNIL recommended BYOD issues can be reduced by risk assessment and formalized measures within security policies. (Original post is in French.)Full Story... Read More

Finding encryption's place in privacy law

(Mar 24, 2020) In a piece for CMSWire, Securiti.ai Product Lead Anas Baig provides a breakdown of how encryption meshes with privacy regulations around the world. Baig goes into detail on what privacy laws in the U.S., EU, Canada, Brazil and others say about the deployment of encryption. Additionally, Baig lays out the fines associated with encryption while offering best practices for companies implementing it into their systems. "In this era of data privacy, encryption is no longer an option, but rather a nec... Read More

European Commission puts emphasis on encryption

(Mar 23, 2020) The European Commission is enhancing security efforts by adopting end-to-end encryption app Signal for communications “outside of critical or sensitive exchanges,” Euractiv reports. The European External Action Service also created a secure instant messaging platform to be used to exchange “EU restricted” information. “The EU has demonstrated, through its creation of a new messaging tool and its adoption of Signal, that it is putting an emphasis on encryption,” the article states.Full Story... Read More

Open cloud server exposes 200M user records

(Mar 23, 2020) CyberNews reports researchers discovered an unsecured Google Cloud database containing the personal information of more than 200 million Americans. The server belonged to an unidentified party and contained full names, email addresses, phone numbers and financial information related to mortgage loans. The data was exposed for an unknown period of time before an unidentified party deleted the information March 3. Meanwhile, U.S. District Court Judge Charles Breyer in San Francisco has granted fin... Read More

Podcast: What happens to data privacy in a pandemic?

(Mar 20, 2020) It's a scary time by any standard. There's news every day about the latest number of those infected by an invisible danger that'll make some sick and kill others, and to stay safe, we have to stay away from each other in a time when we most need each other for support. And when we're scared, sometimes we make decisions based on fear. In this episode of The Privacy Advisor Podcast, Michelle De Mooy, of DeMOOY Consulting and former director of privacy and data at the Center for Democracy and Techn... Read More