FBI nabs website for selling breached records

(Jan 17, 2020) Silicon Republic reports the U.S. Federal Bureau of Investigation has shut down WeLeakInfo.com for selling personal records from data breaches over the last three years. According to the FBI, the website collected personal information from more than 10,000 data breaches and then sold access to the records for as little as $2. Types of records collected and sold included names, email addresses, usernames, phone numbers and unencrypted passwords. Meanwhile, the Federal Trade Commission announced f...

NIST unveils first version of privacy framework

(Jan 17, 2020) The National Institute of Standards and Technology announced the release of the "NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management." Following stakeholder feedback on a draft of the framework, NIST's published framework provides "a useful set of privacy protection strategies" and "clarification about privacy risk management concepts." NIST Director Walter Copan said, "Privacy is more important than ever in today’s digital age. The strong support the Privacy ...

EU regulators eyeing clampdown on digital assistants

(Jan 17, 2020) Bloomberg reports EU privacy regulators have their sights set on policing voice assistants following allegations of workers snooping on users. Luxembourg National Data Protection Commission President Tine Larsen has indicated regulators are working toward a unified approach to regulating big tech companies' voice assistant programs. "Because it’s a question of principle, the members of the (European Data Protection Board) should work out a common position in line with the consistency mechanism t...

US financial regulators discuss cloud data obligations

(Jan 16, 2020) The Wall Street Journal reports U.S. financial regulators have reminded banks and brokers they are still responsible for consumer data stored on a third-party cloud. While attending a Financial Industry Regulatory Authority conference, Securities and Exchange Commission Senior Examiner Salvatore Montemarano explained how liability for cloud data breaches falls back on companies that own the data. “Even if you have identified who has responsibility for what controls, you’re still outsourcing your...

Privacy, security among focuses for HHS IT strategy

(Jan 16, 2020) The U.S. Department of Health and Human Services has released its proposed "Federal Health IT Strategic Plan" for 2020 through 2025, HealthITSecurity reports. Drawn up with the Office of the National Coordinator for Health Information Technology, the strategy seeks to improve patient privacy by putting "individuals first" and empowering them more through data- and consent-driven health apps and IT research. "ONC, along with our partners across the federal government, strive to promote a health I...

Report: UK, US to potentially increase personal data sharing

(Jan 15, 2020) Infosecurity Magazine reports leaked trade documents indicate the U.S. and U.K. may explore different mechanisms for increasing their cross-border data transfers. The "Data: UK’s overarching data protection regime, and Free Flow of Data" document reveals the U.K. may seek to avoid adequacy mechanisms, like the current EU-U.S. Privacy Shield, under the notion that adequacy is "a flawed system." The U.K. also indicates in the document it may turn to the APEC Cross-Border Privacy Rules certificatio...

US court approves $1.38B Equifax class-action settlement

(Jan 15, 2020) The U.S. District Court Northern District of Georgia has signed off on Equifax's $1.38 billion class-action settlement over its 2017 data breach, BankInfoSecurity reports. According to Chief Judge Thomas Thrash Jr.'s decision, Equifax will put $1 billion toward improving its data security, while a maximum of $31 million in damages will be distributed among affected consumers. "This settlement is the largest and most comprehensive recovery in a data breach case in U.S. history by several orders o...

A proposal to help resolve federal privacy preemption

(Jan 13, 2020) There are signs that U.S. Congress is getting closer to a bipartisan approach to federal privacy legislation. In the Senate Committee on Commerce, Science, and Transportation, draft bills by Sens. Chairman Roger Wicker, R-Miss., and Ranking Member Maria Cantwell, D-Wash., contain important similarities on a wide range of issues. As Cameron Kerry of the Brookings Institution has explained, the two bills “adopt the same general framework: a set of individual rights combined with boundaries on how ...

Perspective: How Congress can resolve federal privacy preemption

(Jan 13, 2020) There has been some movement from U.S. Congress on federal privacy legislation over the past couple of months. A pair of partisan bills has been proposed on Capitol Hill; however, they differ on key topics, such as state preemption and how the laws will be enforced. In this piece for Privacy Perspectives, Alston & Bird's Peter Swire and Future of Privacy Forum's Pollyanna Sanderson offer a proposal on how Congress can bridge the gap on a federal privacy law. "In our work, we are not seeking ...

South Korean court finds privacy officer liable for data breach

(Jan 10, 2020) According to Hunton Andrews Kurth's Privacy & Information Security Law Blog, the Seoul Eastern District Court has ruled a South Korean privacy officer was negligent in preventing a 2017 data breach that affected 494,000 combined customers and employees. Hana Tour Service's Kim Jin-Hwan was charged with violations of South Korea’s Personal Information Protection Act and the Network Act. The court's decision includes a 10 million won fine for Hwan in addition to a previous 327.25 million won f...