Looking beyond the fines: Accountability in light of FTC consent orders

(Nov 20, 2019) Over the last few months, a hot topic of privacy enforcement action has undoubtedly been the $5 billion U.S. Federal Trade Commission settlement with Facebook over the company’s alleged violation of a prior 2012 FTC consent order. While the high price tag of noncompliance has been the source of much discussion in privacy circles, the FTC settlement also makes a very strong statement in terms of the possible standard against which all companies’ privacy management programs may be measured going f... Read More

Perspective: Accountability rooted in FTC consent orders

(Nov 20, 2019) Most of the attention paid to recent consent orders from the U.S. Federal Trade Commission falls on the number after the dollar sign in each settlement. However, there are layers to these decrees and common themes among them. One commonality examined in a recent discussion paper from Hunton Andrews Kurth's Centre for Information Policy Leadership is an order's requirements for a comprehensive accountable privacy management program. CIPL Vice President and Senior Policy Counselor Markus Heyder an... Read More

Perspective: Pros, regulators should 'embrace the greater scope for privacy'

(Nov 15, 2019) The International Conference of Data Protection and Privacy Commissioners recently completed its 41st annual meeting in Tirana, Albania, and announced a new name for the organization: the Global Privacy Assembly. “However, I am concerned that the new name doesn’t reflect the complexity of the issues confronting this community so that data serves humanity rather than making people targets,” Information Accountability Foundation Executive Director and Chief Strategist Martin Abrams writes. In this... Read More

Panelists: Social media model should be banned

(Nov 15, 2019) In an op-ed for The Irish Times, technology journalist Karlin Lillington writes about her invitation to speak before the Grand International Committee on Disinformation. She said panelists argued the current social media business model is the foundation of serious problems and should be banned. “If we can better understand, and more adequately address these serious harms — the way they come about, how the platforms are utilised, the worrying support sometimes given by platforms that are intent o... Read More

Privacy and data protection: What's in a name?

(Nov 15, 2019) The International Conference of Data Protection and Privacy Commissioners recently completed its 41st annual meeting in Tirana, Albania, and announced a new name for the organization — the Global Privacy Assembly — and Friday, it officially launched its new name and logo.  These annual meetings are very important for coordinating regulators and giving direction to the whole privacy and data protection community about the way regulators want to drive oversight and enforcement to protect people. ... Read More

Inherently identifiable: Is it possible to anonymize health and genetic data?

(Nov 13, 2019) Nearly 25 million people have taken an at-home DNA testing kit and shared that data with one of four ancestry and health databases. With this proliferation of genetic testing and biometric data collection, there should be an increased scrutiny of the practices used to deidentify this data. Biometric data, namely genetic information and health records, is innately identifiable. This article looks at whether biometric data can ever truly be anonymized, the methods of deidentification and best prac... Read More

Can biometric data truly be anonymized?

(Nov 13, 2019) Nearly 25 million people have taken an at-home DNA testing kit and shared that data with one of four ancestry and health databases. “With this proliferation of genetic testing and biometric data collection, there should be an increased scrutiny of the practices used to deidentify this data,” Santa Clara University Juris Doctor Candidate Justin Banda, CIPP/US, writes in this piece for Privacy Perspectives. Banda looks at whether biometric data can ever truly be anonymized, as well as deidentifica... Read More

It’s 2019, so why are we still talking about opt-in consent?

(Nov 12, 2019) Once again, legislators are touting their opt-in consent bills as the revolutionary solution to all our privacy woes. Once again, they could not be more wrong. At a time when even our toasters are online, opt-in consent is a horse in a self-driving car world.   State Rep. David Santiago, R-Fla., announced in September 2019 that he is introducing a privacy bill that calls for opt-in consent because the “basic framework should always start with the opt-in option. All too often, and somewhere in s... Read More

Perspective: Why opt-in consent does not help consumers

(Nov 12, 2019) "Once again, legislators are touting their opt-in consent bills as the revolutionary solution to all our privacy woes," writes Polina Arsentyeva, CIPP/US. "Once again, they could not be more wrong. At a time when even our toasters are online, opt-in consent is a horse in a self-driving car world." She points out that several federal U.S. and state-based privacy bills include opt-in requirements, but she questions whether opt-in consent "is inherently better for consumers." In this opinion piece ... Read More

Cano: El CEO moderno y el CISO vigilante: del deber ser al poder ser  

(Nov 12, 2019) Los ejecutivos de seguridad y/o ciberseguridad deben desarrollar características claves que les permitan posicionarse como asesores estratégicos de los presidentes de empresas, llamados CEO (Chief Executive Officer), de tal forma que las capacidades de defensa y anticipación se conviertan en los referentes naturales de la estrategia corporativa y que, traducida en el lenguaje de los negocios, se presente bajo la distinción de confianza digital. Esta breve reflexión da cuenta de aquellos aspectos... Read More